CVE-2024-45064

Published: Apr 2, 2025Modified: Sep 5, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Affected (10)

Products: St: X Cube Azrt H7rs, X Cube Azrtos F4, X Cube Azrtos F7, X Cube Azrtos G0, X Cube Azrtos G4, X Cube Azrtos H7, X Cube Azrtos L4, X Cube Azrtos L5, X Cube Azrtos Wb, X Cube Azrtos Wl

10 products

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
St X Cube Azrt H7rs	Version 1.0.0
St X Cube Azrtos F4	Version 1.1.0
St X Cube Azrtos F7	Version 1.1.0
St X Cube Azrtos G0	Version 1.1.0
St X Cube Azrtos G4	Version 2.0.0
St X Cube Azrtos H7	Version 3.3.0
St X Cube Azrtos L4	Version 2.0.0
St X Cube Azrtos L5	Version 2.0.0
St X Cube Azrtos Wb	Version 2.0.0
St X Cube Azrtos Wl	Version 2.0.0

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2096

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2096

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.