CVE-2024-45064

A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-2096	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2096	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:::::::*
	cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:::::::*

History

05 Sep 2025, 17:11

Type	Values Removed	Values Added
First Time		St St x-cube-azrtos-g4 St x-cube-azrtos-l4 St x-cube-azrt-h7rs St x-cube-azrtos-l5 St x-cube-azrtos-wl St x-cube-azrtos-f4 St x-cube-azrtos-f7 St x-cube-azrtos-wb St x-cube-azrtos-g0 St x-cube-azrtos-h7
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-2096 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-2096 - Exploit, Third Party Advisory
References	~~() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2096 -~~	() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2096 - Exploit, Third Party Advisory
Summary		(es) Existe una vulnerabilidad de desbordamiento del búfer en la funcionalidad de interfaz interna FileX Internal RAM de STMicroelectronics X-Cube-Azrtos-WL 2.0.0. Un conjunto especialmente manipulado de paquetes de red puede conducir a la ejecución del código. Un atacante puede enviar una secuencia de solicitudes para activar esta vulnerabilidad.
CPE		cpe:2.3:a:st:x-cube-azrtos-l4:2.0.0:::::::* cpe:2.3:a:st:x-cube-azrtos-f4:1.1.0:::::::* cpe:2.3:a:st:x-cube-azrtos-g4:2.0.0:::::::* cpe:2.3:a:st:x-cube-azrtos-h7:3.3.0:::::::* cpe:2.3:a:st:x-cube-azrtos-l5:2.0.0:::::::* cpe:2.3:a:st:x-cube-azrt-h7rs:1.0.0:::::::* cpe:2.3:a:st:x-cube-azrtos-f7:1.1.0:::::::* cpe:2.3:a:st:x-cube-azrtos-wb:2.0.0:::::::* cpe:2.3:a:st:x-cube-azrtos-wl:2.0.0:::::::* cpe:2.3:a:st:x-cube-azrtos-g0:1.1.0:::::::*

02 Apr 2025, 22:15

Type	Values Removed	Values Added
References		() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2096 -

02 Apr 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-02 14:15

Updated : 2025-09-05 17:11

NVD link : CVE-2024-45064

Mitre link : CVE-2024-45064

CVE.ORG link : CVE-2024-45064

JSON object : View

Products Affected

x-cube-azrtos-f4
x-cube-azrtos-l4
x-cube-azrtos-f7
x-cube-azrtos-g0
x-cube-azrtos-wb
x-cube-azrtos-wl
x-cube-azrtos-l5
x-cube-azrtos-g4
x-cube-azrt-h7rs
x-cube-azrtos-h7

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

8.5 /10