CVE-2024-50594

Summary

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

Affected Software

VendorProductVersion RangeStatus
STMicroelectronicsX-CUBE-AZRT-H7RS1.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-F41.1.0affected
STMicroelectronicsX-CUBE-AZRTOS-F71.1.0affected
STMicroelectronicsX-CUBE-AZRTOS-G01.1.0affected
STMicroelectronicsX-CUBE-AZRTOS-G42.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-H73.3.0affected
STMicroelectronicsX-CUBE-AZRTOS-L42.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-L52.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-WB2.0.0affected
STMicroelectronicsX-CUBE-AZRTOS-WL2.0.0affected

Weaknesses

  • CWE-191: CWE-191: Integer Underflow (Wrap or Wraparound)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References