CVE-2024-50384

Description

A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c

References

Link	Tags
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2097

Frequently Asked Questions

What is the severity of CVE-2024-50384?: CVE-2024-50384 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50384?: To fix CVE-2024-50384, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50384 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-50384 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50384?: CVE-2024-50384 affects STMicroelectronics X-CUBE-AZRT-H7RS, STMicroelectronics X-CUBE-AZRTOS-F4, STMicroelectronics X-CUBE-AZRTOS-F7, STMicroelectronics X-CUBE-AZRTOS-G0, STMicroelectronics X-CUBE-AZRTOS-G4, STMicroelectronics X-CUBE-AZRTOS-H7, STMicroelectronics X-CUBE-AZRTOS-L4, STMicroelectronics X-CUBE-AZRTOS-L5, STMicroelectronics X-CUBE-AZRTOS-WB, STMicroelectronics X-CUBE-AZRTOS-WL.

Description

Category

CWE-459 – Incomplete Cleanup

References

Frequently Asked Questions