Description

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

Classification

CVE ID: CVE-2024-50594

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor: STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics, STMicroelectronics

Product: X-CUBE-AZRT-H7RS, X-CUBE-AZRTOS-F4, X-CUBE-AZRTOS-F7, X-CUBE-AZRTOS-G0, X-CUBE-AZRTOS-G4, X-CUBE-AZRTOS-H7, X-CUBE-AZRTOS-L4, X-CUBE-AZRTOS-L5, X-CUBE-AZRTOS-WB, X-CUBE-AZRTOS-WL

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.09% (scored less or equal to compared to others)

EPSS Date: 2025-04-08 (when was this score calculated)

Timeline