CVE-2024-50594 (GCVE-0-2024-50594)
Vulnerability from cvelistv5
Published
2025-04-02 13:41
Modified
2025-11-03 19:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Summary
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| STMicroelectronics | X-CUBE-AZRT-H7RS |
Version: 1.0.0 |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50594",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-02T14:58:32.955206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T14:58:46.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:31:51.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2102"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "X-CUBE-AZRT-H7RS",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-F4",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-F7",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-G0",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "1.1.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-G4",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-H7",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "3.3.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-L4",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-L5",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-WB",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
},
{
"product": "X-CUBE-AZRTOS-WL",
"vendor": "STMicroelectronics",
"versions": [
{
"status": "affected",
"version": "2.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Kelly Patterson of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-02T13:41:56.253Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-50594",
"datePublished": "2025-04-02T13:41:56.253Z",
"dateReserved": "2024-10-25T19:20:51.679Z",
"dateUpdated": "2025-11-03T19:31:51.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-50594\",\"sourceIdentifier\":\"talos-cna@cisco.com\",\"published\":\"2025-04-02T14:15:43.773\",\"lastModified\":\"2025-11-03T20:16:37.143\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\\\Middlewares\\\\ST\\\\netxduo\\\\addons\\\\web\\\\nx_web_http_server.c\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de bajo flujo de enteros en el servidor HTTP, poner la funcionalidad de solicitud de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Una serie especialmente manipulado de solicitudes de red puede conducir a la negaci\u00f3n del servicio. Un atacante puede enviar una secuencia de paquetes maliciosos para desencadenar esta vulnerabilidad. Esta vulnerabilidad afecta la implementaci\u00f3n del servidor HTTP de componente web NetX Duo que se puede encontrar en X-Cube-Azrtos-F7 \\\\ MiddleWares \\\\ ST \\\\ NetXDUO \\\\ Addons \\\\ Web \\\\ nx_web_http_server.c.C\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"talos-cna@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-191\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C5F8DB8-6A3C-492D-8B9D-2211A3FB2C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69A0188-96F6-40C7-A2BE-8760297E6249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF242900-643B-444B-9DE7-0373C810EA22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE45297-82B1-4E0B-85DF-4A3C4EEC0391\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14B5944-7E42-45CD-8053-276C8787FC10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F44785CF-9D3D-44AB-8E92-50C9471C6481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9B78921-0E36-459A-AC17-94AC6AF8847F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BA08A3-2A44-43CF-8302-082E44D1B070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"163D6B0F-2A31-401D-A1CD-EC77357767BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CD0D34C-C260-4DC4-99A9-24F4C610C710\"}]}]}],\"references\":[{\"url\":\"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102\",\"source\":\"talos-cna@cisco.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-50594\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-02T14:58:32.955206Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-02T14:58:40.733Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"Discovered by Kelly Patterson of Cisco Talos.\"}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRT-H7RS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-F4\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-F7\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-G0\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-G4\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-H7\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.3.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-L4\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-L5\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-WB\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}, {\"vendor\": \"STMicroelectronics\", \"product\": \"X-CUBE-AZRTOS-WL\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0\"}]}], \"references\": [{\"url\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102\", \"name\": \"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\\\Middlewares\\\\ST\\\\netxduo\\\\addons\\\\web\\\\nx_web_http_server.c\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-191\", \"description\": \"CWE-191: Integer Underflow (Wrap or Wraparound)\"}]}], \"providerMetadata\": {\"orgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"shortName\": \"talos\", \"dateUpdated\": \"2025-04-02T13:41:56.253Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-50594\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T14:58:46.936Z\", \"dateReserved\": \"2024-10-25T19:20:51.679Z\", \"assignerOrgId\": \"b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b\", \"datePublished\": \"2025-04-02T13:41:56.253Z\", \"assignerShortName\": \"talos\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…