CVE-2024-50597 (GCVE-0-2024-50597)
Vulnerability from cvelistv5 – Published: 2025-04-02 13:41 – Updated: 2025-11-03 19:31
VLAI?
Summary
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c
Severity ?
4.3 (Medium)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| STMicroelectronics | X-CUBE-AZRT-H7RS |
Affected:
1.0.0
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
Credits
Discovered by Kelly Patterson of Cisco Talos.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50597",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T15:00:49.929887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T15:01:25.085Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:31:55.240Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2103"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "X-CUBE-AZRT-H7RS",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-F4",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-F7",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-G0",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-G4",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-H7",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-L4",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-L5",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-WB",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-WL",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Patterson of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:41:55.517Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-50597",
"datePublished": "2025-04-02T13:41:55.517Z",
"dateReserved": "2024-10-25T19:20:52.221Z",
"dateUpdated": "2025-11-03T19:31:55.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50597\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2025-04-02T14:15:44.390\",\"lastModified\":\"2025-11-03T20:16:37.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\\\Middlewares\\\\ST\\\\netxduo\\\\addons\\\\http\\\\nxd_http_server.c\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de bajo flujo de enteros en el servidor HTTP, poner la funcionalidad de solicitud de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Un paquete de red especialmente manipulado puede conducir a la negaci\u00f3n del servicio. Un atacante puede enviar un paquete malicioso para activar esta vulnerabilidad. Esta vulnerabilidad afecta la implementaci\u00f3n del servidor HTTP del componente duo NetX que se puede encontrar en X-Cube-Azrtos-F7 \\\\ MiddleWares \\\\ ST \\\\ NetXDUO \\\\ Addons \\\\ Http \\\\ nxd_http_server.c\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5F8DB8-6A3C-492D-8B9D-2211A3FB2C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69A0188-96F6-40C7-A2BE-8760297E6249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF242900-643B-444B-9DE7-0373C810EA22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE45297-82B1-4E0B-85DF-4A3C4EEC0391\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14B5944-7E42-45CD-8053-276C8787FC10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F44785CF-9D3D-44AB-8E92-50C9471C6481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B78921-0E36-459A-AC17-94AC6AF8847F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BA08A3-2A44-43CF-8302-082E44D1B070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163D6B0F-2A31-401D-A1CD-EC77357767BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CD0D34C-C260-4DC4-99A9-24F4C610C710\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50597\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-02T15:00:49.929887Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-02T15:00:55.436Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Discovered by Kelly Patterson of Cisco Talos.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRT-H7RS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-F4\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-F7\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-G0\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-G4\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-H7\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.3.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-L4\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-L5\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-WB\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-WL\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}], \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\\\Middlewares\\\\ST\\\\netxduo\\\\addons\\\\http\\\\nxd_http_server.c\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-191\", \"description\": \"CWE-191: Integer Underflow (Wrap or Wraparound)\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2025-04-02T13:41:55.517Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-50597\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T15:01:25.085Z\", \"dateReserved\": \"2024-10-25T19:20:52.221Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2025-04-02T13:41:55.517Z\", \"assignerShortName\": \"talos\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…