CVE-2024-50385

Published: Apr 2, 2025Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

Affected (10)

Products: St: X Cube Azrt H7rs, X Cube Azrtos F4, X Cube Azrtos F7, X Cube Azrtos G0, X Cube Azrtos G4, X Cube Azrtos H7, X Cube Azrtos L4, X Cube Azrtos L5, X Cube Azrtos Wb, X Cube Azrtos Wl

10 products

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
St X Cube Azrt H7rs	Version 1.0.0
St X Cube Azrtos F4	Version 1.1.0
St X Cube Azrtos F7	Version 1.1.0
St X Cube Azrtos G0	Version 1.1.0
St X Cube Azrtos G4	Version 2.0.0
St X Cube Azrtos H7	Version 3.3.0
St X Cube Azrtos L4	Version 2.0.0
St X Cube Azrtos L5	Version 2.0.0
St X Cube Azrtos Wb	Version 2.0.0
St X Cube Azrtos Wl	Version 2.0.0

Related CWEs

CWE-459

Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2097

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.