CVE-2021-42553 — Vulnetix

CVE-2021-42553 PUBLISHED CVSS 6.800000190734863 MEDIUM

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

EPSS 1.49% · 81.4th percentile

Risk Scores

CVSS 3.1

6.800000190734863

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.49%

81.4th percentile

Affected Products

Vendor	Product	Versions
st	stm32_mw_usb_host
STMicroelectronics STM32Cube	STM32 USB Host Library	all

Exploit Intelligence

https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4 (circl)
https://github.com/STMicroelectronics/stm32_mw_usb_host (circl)

Timeline

Oct 21, 2022 CVE Published
Oct 22, 2022 EPSS Score
Oct 25, 2022 EPSS Score
Dec 5, 2022 EPSS Score
Mar 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 15, 2023 EPSS Score
May 28, 2023 EPSS Score
Jul 11, 2023 EPSS Score
Aug 24, 2023 EPSS Score
Nov 19, 2023 EPSS Score
Jan 2, 2024 EPSS Score

References

https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4 url
https://github.com/STMicroelectronics/stm32_mw_usb_host url
https://nvd.nist.gov/vuln/detail/CVE-2021-42553 advisory

Open in Interactive Console →