A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7MiddlewaresSTnetxduoaddonshttpnxd_http_server.c
Weakness
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| X-cube-azrt-h7rs | St | 1.0.0 (including) | 1.0.0 (including) |
| X-cube-azrtos-f4 | St | 1.1.0 (including) | 1.1.0 (including) |
| X-cube-azrtos-f7 | St | 1.1.0 (including) | 1.1.0 (including) |
| X-cube-azrtos-g0 | St | 1.1.0 (including) | 1.1.0 (including) |
| X-cube-azrtos-g4 | St | 2.0.0 (including) | 2.0.0 (including) |
| X-cube-azrtos-h7 | St | 3.3.0 (including) | 3.3.0 (including) |
| X-cube-azrtos-l4 | St | 2.0.0 (including) | 2.0.0 (including) |
| X-cube-azrtos-l5 | St | 2.0.0 (including) | 2.0.0 (including) |
| X-cube-azrtos-wb | St | 2.0.0 (including) | 2.0.0 (including) |
| X-cube-azrtos-wl | St | 2.0.0 (including) | 2.0.0 (including) |