CVE-2024-45064: A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially...
Description
A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Classification
CVE ID: CVE-2024-45064
CVSS Base Severity: HIGH
CVSS Base Score: 8.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
Vendor: STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics
Product: X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB, X-CUBE-AZRTOS-WL
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.08% (probability of being exploited)
EPSS Percentile: 24.33% (scored less or equal to compared to others)
EPSS Date: 2025-05-01 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2024-45064https://talosintelligence.com/vulnerability_reports/TALOS-2024-2096