Lucene search

NCSC.chCVELIST:CVE-2021-42553

HistoryOct 21, 2022 - 12:00 a.m.

CVE-2021-42553 STM32 USB Host Library Buffer Overflow

2022-10-2100:00:00

NCSC.ch

www.cve.org

stm32

usb host

buffer overflow

stmicroelectronics

freertos

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.9%

JSON

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

CNA Affected

[
  {
    "vendor": "STMicroelectronics STM32Cube ",
    "product": "STM32 USB Host Library",
    "versions": [
      {
        "version": "all",
        "status": "affected",
        "lessThan": "3.5.1",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/STMicroelectronics/stm32_mw_usb_host

github.com/STMicroelectronics/stm32_mw_usb_host/pull/4

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

69.9%

JSON

Related for CVELIST:CVE-2021-42553