PT-2024-12419 · Stmicroelectronics · St Hal

Name of the Vulnerable Software and Affected Versions: ST HAL affected versions not specified Description: The issue is related to memory corruption that occurs while processing the Listen Sound Model client payload buffer when there is a request for the Listen Sound session get parameter from ST...

CVE-2023-50096

STMicroelectronics STSAFE-A1xx middleware (versions prior to 3.3.7) is affected by a buffer overflow in StSafeA_ReceiveBytes within the X-CUBE-SAFEA1 sample package (1.2.0), enabling MCU code execution if an attacker can read/write on the I2C bus. The issue affects user-written code derived from ...

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Summary The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the lar...

CVE-2021-42553

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

CVE-2021-42553

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

CVE-2021-42553

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

Buffer overflow

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

CVE-2021-42553 STM32 USB Host Library Buffer Overflow

A buffer overflow vulnerability in stm32mwusbhost of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBHMAXNUMENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs...

CVE-2021-42553

The CVE-2021-42553 issue affects STMicroelectronics stm32_mw_usb_host firmware prior to version 3.5.1. A buffer overflow occurs when a USB descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS, enabling arbitrary code execution. The library is typically integrated with RTOSs (e.g., FreeR...

CVE-2021-43393

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...

CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

Code injection

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

Code injection

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...

CVE-2021-43392

CVE-2021-43392 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, exposing information about cryptographic secrets via the ECDSA signature algorithm on the Java Card 3.0.4 API. The issue is exploitable for STSAFE-J in closed configurations and for J-SIGN when signature verifica...

CVE-2021-43392

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE...

CVE-2021-43393

STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 and STSAFE-J platforms exposing a 3.0.4 Java Card API. It is exploitable for STSAFE-J in closed...

CVE-2021-43393

CVE-2021-43393 affects STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN, due to how ECDSA verification is exposed via the Java Card API (3.0.4). The issue allows abuse of signature verification and is exploitable for STSAFE-J in closed configurations and J-SIGN when verification is ac...

CVE-2021-34268

An issue in the USBHParseDevDesc function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service DOS via a malformed USB device packet...

CVE-2021-34260

A buffer overflow vulnerability in the USBHParseInterfaceDesc function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code...

CVE-2021-34259

A buffer overflow vulnerability in the USBHParseCfgDesc function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code...