{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-50597", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2024-10-25T19:20:52.221Z", "datePublished": "2025-04-02T13:41:55.517Z", "dateUpdated": "2025-04-02T15:01:25.085Z"}, "containers": {"cna": {"affected": [{"vendor": "STMicroelectronics", "product": "X-CUBE-AZRT-H7RS", "versions": [{"version": "1.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F4", "versions": [{"version": "1.1.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F7", "versions": [{"version": "1.1.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G0", "versions": [{"version": "1.1.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G4", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-H7", "versions": [{"version": "3.3.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L4", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L5", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WB", "versions": [{"version": "2.0.0", "status": "affected"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WL", "versions": [{"version": "2.0.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "type": "CWE", "cweId": "CWE-191"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-04-02T13:41:55.517Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"}], "credits": [{"lang": "en", "value": "Discovered by Kelly Patterson of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T15:00:49.929887Z", "id": "CVE-2024-50597", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T15:01:25.085Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-50597", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-02T15:00:49.929887Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T15:00:55.436Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Kelly Patterson of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "STMicroelectronics", "product": "X-CUBE-AZRT-H7RS", "versions": [{"status": "affected", "version": "1.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F4", "versions": [{"status": "affected", "version": "1.1.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-F7", "versions": [{"status": "affected", "version": "1.1.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G0", "versions": [{"status": "affected", "version": "1.1.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-G4", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-H7", "versions": [{"status": "affected", "version": "3.3.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L4", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-L5", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WB", "versions": [{"status": "affected", "version": "2.0.0"}]}, {"vendor": "STMicroelectronics", "product": "X-CUBE-AZRTOS-WL", "versions": [{"status": "affected", "version": "2.0.0"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"}], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-04-02T13:41:55.517Z"}}}, "cveMetadata": {"cveId": "CVE-2024-50597", "state": "PUBLISHED", "dateUpdated": "2025-04-02T15:01:25.085Z", "dateReserved": "2024-10-25T19:20:52.221Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2025-04-02T13:41:55.517Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C5F8DB8-6A3C-492D-8B9D-2211A3FB2C07", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A69A0188-96F6-40C7-A2BE-8760297E6249", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF242900-643B-444B-9DE7-0373C810EA22", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CEE45297-82B1-4E0B-85DF-4A3C4EEC0391", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D14B5944-7E42-45CD-8053-276C8787FC10", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F44785CF-9D3D-44AB-8E92-50C9471C6481", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9B78921-0E36-459A-AC17-94AC6AF8847F", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "58BA08A3-2A44-43CF-8302-082E44D1B070", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "163D6B0F-2A31-401D-A1CD-EC77357767BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CD0D34C-C260-4DC4-99A9-24F4C610C710", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c"}, {"lang": "es", "value": "Existe una vulnerabilidad de bajo flujo de enteros en el servidor HTTP, poner la funcionalidad de solicitud de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Un paquete de red especialmente manipulado puede conducir a la negaci\u00f3n del servicio. Un atacante puede enviar un paquete malicioso para activar esta vulnerabilidad. Esta vulnerabilidad afecta la implementaci\u00f3n del servidor HTTP del componente duo NetX que se puede encontrar en X-Cube-Azrtos-F7 \\ MiddleWares \\ ST \\ NetXDUO \\ Addons \\ Http \\ nxd_http_server.c"}], "id": "CVE-2024-50597", "lastModified": "2025-09-05T16:46:20.563", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-02T14:15:44.390", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}

{}

{}