PT-2025-14503 · Netx Duo+1

Kelly Patterson · Published 2025-04-02 · Updated 2025-09-05 · CVE-2024-50595

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0

Description: An integer underflow issue exists in the HTTP server's PUT request functionality, which can lead to denial of service. The flaw is in the NetX Duo Component HTTP Server implementation. An attacker can trigger it by sending a sequence of malicious packets.

Recommendations: For STMicroelectronics X-CUBE-AZRTOS-WL version 2.0.0, consider disabling the HTTP server's PUT request functionality until a patch is available. Restrict access to the nxd_http_server.c file to minimize the risk of exploitation. Avoid using the vulnerable NetX Duo Component HTTP Server implementation in the x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http directory until the issue is resolved.

Exploit

Fix

DoS

Integer Underflow


Weakness Enumeration

Related identifiers

CVE-2024-50595

Affected products

Netx Duo
Stmicroelectronics X-Cube-Azrtos-Wl