CVE-2021-42553 Information

Description

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

Reference

https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4