{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.0.0" }, { "introduced": "0" }, { "last_affected": "1.1.0" }, { "introduced": "0" }, { "last_affected": "1.1.0" }, { "introduced": "0" }, { "last_affected": "1.1.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "468d2c42a6fcedec0ca5b61c56211297f903f72e" }, { "introduced": "0" }, { "last_affected": "2b77e6fa7dd42cd60a959cff12abc8c3055dc543" }, { "introduced": "0" }, { "last_affected": "2b77e6fa7dd42cd60a959cff12abc8c3055dc543" }, { "introduced": "0" }, { "last_affected": "2b77e6fa7dd42cd60a959cff12abc8c3055dc543" } ], "repo": "https://github.com/stmicroelectronics/x-cube-azrtos-g0", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" }, { "introduced": "0" }, { "last_affected": "20a91a2e6f37b58bb424946535c7ac9111481128" } ], "repo": "https://github.com/stmicroelectronics/x-cube-azrtos-g4", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "3.3.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "3e4c2f475bd18eaaec0c74b2719c9e9e19f7d66e" } ], "repo": "https://github.com/stmicroelectronics/x-cube-azrtos-h7", "type": "GIT" } ] } ], "details": "An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c", "id": "CVE-2024-50595", "modified": "2026-04-01T23:10:41.600199509Z", "published": "2025-04-02T14:15:43.993Z", "references": [ { "type": "WEB", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2102" }, { "type": "EVIDENCE", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2102" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }