CVE-2021-42553
Summary
| CVE | CVE-2021-42553 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-21 10:15:00 UTC |
| Updated | 2023-03-07 13:15:00 UTC |
| Description | A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs. |
Risk And Classification
Problem Types: CWE-120
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | St | Stm32 Mw Usb Host | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Fix buffer overflow by Defonceuse · Pull Request #4 · STMicroelectronics/stm32_mw_usb_host · GitHub | CONFIRM | github.com | |
| GitHub - STMicroelectronics/stm32_mw_usb_host: Provides the USB Host library part of the STM32Cube MCU Component "middleware" for all STM32xx series. | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: github.com/Defonceuse
There are currently no legacy QID mappings associated with this CVE.