CVE-2024-50597

Published: Apr 2, 2025Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

Affected (10)

Products: St: X Cube Azrt H7rs, X Cube Azrtos F4, X Cube Azrtos F7, X Cube Azrtos G0, X Cube Azrtos G4, X Cube Azrtos H7, X Cube Azrtos L4, X Cube Azrtos L5, X Cube Azrtos Wb, X Cube Azrtos Wl

10 products

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
St X Cube Azrt H7rs	Version 1.0.0
St X Cube Azrtos F4	Version 1.1.0
St X Cube Azrtos F7	Version 1.1.0
St X Cube Azrtos G0	Version 1.1.0
St X Cube Azrtos G4	Version 2.0.0
St X Cube Azrtos H7	Version 3.3.0
St X Cube Azrtos L4	Version 2.0.0
St X Cube Azrtos L5	Version 2.0.0
St X Cube Azrtos Wb	Version 2.0.0
St X Cube Azrtos Wl	Version 2.0.0

Related CWEs

CWE-191

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2103

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.