CVE-2024-50595

Description

An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c

References

Link	Tags
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102

Frequently Asked Questions

What is the severity of CVE-2024-50595?: CVE-2024-50595 has been scored as a medium severity vulnerability.
How to fix CVE-2024-50595?: To fix CVE-2024-50595, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-50595 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-50595 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-50595?: CVE-2024-50595 affects STMicroelectronics X-CUBE-AZRT-H7RS, STMicroelectronics X-CUBE-AZRTOS-F4, STMicroelectronics X-CUBE-AZRTOS-F7, STMicroelectronics X-CUBE-AZRTOS-G0, STMicroelectronics X-CUBE-AZRTOS-G4, STMicroelectronics X-CUBE-AZRTOS-H7, STMicroelectronics X-CUBE-AZRTOS-L4, STMicroelectronics X-CUBE-AZRTOS-L5, STMicroelectronics X-CUBE-AZRTOS-WB, STMicroelectronics X-CUBE-AZRTOS-WL.

Description

Category

CWE-191 – Integer Underflow (Wrap or Wraparound)

References

Frequently Asked Questions