{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.0.0" }, { "introduced": "0" }, { "last_affected": "1.1.0" }, { "introduced": "0" }, { "last_affected": "1.1.0" }, { "introduced": "0" }, { "last_affected": "1.1.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "c2a47c7747c0f6267729bf690dbeee2d0ac1cc0c" }, { "introduced": "0" }, { "last_affected": "2375136d1a1946b7303a02d2fe1958399358c5f6" }, { "introduced": "0" }, { "last_affected": "2375136d1a1946b7303a02d2fe1958399358c5f6" }, { "introduced": "0" }, { "last_affected": "2375136d1a1946b7303a02d2fe1958399358c5f6" } ], "repo": "https://github.com/stmicroelectronics/x-cube-azrtos-f4", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" } ], "repo": "https://github.com/stmicroelectronics/x-cube-azrtos-g4", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "3.3.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "3e4c2f475bd18eaaec0c74b2719c9e9e19f7d66e" } ], "repo": "https://github.com/stmicroelectronics/x-cube-azrtos-h7", "type": "GIT" } ] } ], "details": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\web\\nx_web_http_server.c", "id": "CVE-2024-50594", "modified": "2026-04-01T23:10:09.904709799Z", "published": "2025-04-02T14:15:43.773Z", "references": [ { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2102" }, { "type": "EVIDENCE", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }