{"id":"CVE-2024-50597","details":"An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\\Middlewares\\ST\\netxduo\\addons\\http\\nxd_http_server.c","modified":"2026-07-08T07:03:21.610292310Z","published":"2025-04-02T13:41:55.517Z","database_specific":{"cwe_ids":["CWE-191"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50597.json","cna_assigner":"talos","unresolved_ranges":[{"extracted_events":[{"introduced":"1.0.0"},{"last_affected":"1.0.0"},{"introduced":"1.1.0"},{"last_affected":"1.1.0"},{"introduced":"1.1.0"},{"last_affected":"1.1.0"},{"introduced":"1.1.0"},{"last_affected":"1.1.0"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"},{"introduced":"3.3.0"},{"last_affected":"3.3.0"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"},{"introduced":"2.0.0"},{"last_affected":"2.0.0"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://talosintelligence.com/vulnerability_reports/TALOS-2024-2103"},{"type":"WEB","url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2103"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/50xxx/CVE-2024-50597.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50597"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-f4","events":[{"introduced":"2375136d1a1946b7303a02d2fe1958399358c5f6"},{"last_affected":"2375136d1a1946b7303a02d2fe1958399358c5f6"}],"database_specific":{"extracted_events":[{"introduced":"1.1.0"},{"last_affected":"1.1.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["1.1.0","v1.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-f7","events":[{"introduced":"de4e8cdb81a32552e8b02f7917c9b772f50c6999"},{"last_affected":"de4e8cdb81a32552e8b02f7917c9b772f50c6999"}],"database_specific":{"extracted_events":[{"introduced":"1.1.0"},{"last_affected":"1.1.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["1.1.0","v1.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-g0","events":[{"introduced":"2b77e6fa7dd42cd60a959cff12abc8c3055dc543"},{"last_affected":"2b77e6fa7dd42cd60a959cff12abc8c3055dc543"}],"database_specific":{"extracted_events":[{"introduced":"1.1.0"},{"last_affected":"1.1.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["1.1.0","v1.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-g4","events":[{"introduced":"20a91a2e6f37b58bb424946535c7ac9111481128"},{"last_affected":"20a91a2e6f37b58bb424946535c7ac9111481128"}],"database_specific":{"extracted_events":[{"introduced":"2.0.0"},{"last_affected":"2.0.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["2.0.0","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-h7","events":[{"introduced":"3e4c2f475bd18eaaec0c74b2719c9e9e19f7d66e"},{"last_affected":"3e4c2f475bd18eaaec0c74b2719c9e9e19f7d66e"}],"database_specific":{"extracted_events":[{"introduced":"3.3.0"},{"last_affected":"3.3.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["3.3.0","v3.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-l4","events":[{"introduced":"821f884de9a2bcb47ce96dd459d3d6da74320aa5"},{"last_affected":"821f884de9a2bcb47ce96dd459d3d6da74320aa5"}],"database_specific":{"extracted_events":[{"introduced":"2.0.0"},{"last_affected":"2.0.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["2.0.0","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-l5","events":[{"introduced":"9f66d76eab6f42d5c73ec86c484fdbff4d0c3fc9"},{"last_affected":"9f66d76eab6f42d5c73ec86c484fdbff4d0c3fc9"}],"database_specific":{"extracted_events":[{"introduced":"2.0.0"},{"last_affected":"2.0.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["2.0.0","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-wb","events":[{"introduced":"a5cc458e6529a8751255c01cb877d4db0033236a"},{"last_affected":"a5cc458e6529a8751255c01cb877d4db0033236a"}],"database_specific":{"extracted_events":[{"introduced":"2.0.0"},{"last_affected":"2.0.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["2.0.0","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/x-cube-azrtos-wl","events":[{"introduced":"c6c71ec513c28ce0a09fd2396bc7301e9028a2c1"},{"last_affected":"c6c71ec513c28ce0a09fd2396bc7301e9028a2c1"}],"database_specific":{"extracted_events":[{"introduced":"2.0.0"},{"last_affected":"2.0.0"}],"cpe":"cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:*:*:*:*:*:*:*","source":"CPE_STRING"}}],"versions":["2.0.0","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50597.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}