CVE-2024-50384

Summary

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

Affected Software

VendorProductVersion RangeStatus
STMicroelectronicsX-CUBE-AZRT-H7RS1.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-F41.1.0affected
STMicroelectronicsX-CUBE-AZRTOS-F71.1.0affected
STMicroelectronicsX-CUBE-AZRTOS-G01.1.0affected
STMicroelectronicsX-CUBE-AZRTOS-G42.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-H73.3.0affected
STMicroelectronicsX-CUBE-AZRTOS-L42.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-L52.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-WB2.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-WL2.0.0affected

Weaknesses

  • CWE-459: CWE-459: Incomplete Cleanup

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References