{"id":"CVE-2021-42553","details":"A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.","modified":"2026-04-11T18:45:39.185447Z","published":"2022-10-21T10:15:12.470Z","references":[{"type":"FIX","url":"https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4"},{"type":"PACKAGE","url":"https://github.com/STMicroelectronics/stm32_mw_usb_host"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/stm32_mw_usb_host","events":[{"introduced":"0"},{"fixed":"38bc365e09b89c43b495af7261e31fe90a07335c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.5.1"}]}}],"versions":["v3.3.3","v3.3.4","v3.3.5","v3.4.0","v3.4.1","v3.5.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42553.json","vanir_signatures_modified":"2026-04-11T18:45:39Z","vanir_signatures":[{"digest":{"length":211,"function_hash":"101013018286272135665994875130552585540"},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-072d1ca8","target":{"function":"USBH_HID_GetHIDReportDescriptor","file":"Class/HID/Src/usbh_hid.c"}},{"digest":{"line_hashes":["118757189412808123883011596788122090666","294667195086430173860741692290097171141","187214976403033433262228332552118895945","137593365942804554308118282916426684867","291743261773558538913181851473181815724","260965498145777677279161969622068292321","81307865633653044523715750062154126950","182549894355162921880637443123959807508","301162919746761003319096839076056283767","124968190509980897496689359131446923269","137390176746861958459788026219318081218","80495478909957398172814431486051757337","208055177229135412279420259539903455348","14560101632762531518675057492232782613","153030586356154005336452994923539720910","16584116413551807105246457151873222717","210487852908437705905940403739834702258","33262388619799095687826892789662997288","219843744489677069728911090888202348253","190977689263187361247293466551740928154","315686833483779414553681503742526579867","240841403560123479243507627471161479157","67107639677730701250069737636899221797","198829222086163936202469044529065265240","183035321427877351947796026636472330082","104530799870143740031688989610416033612","74164044234099653483398976818513965751","310815255382369357118322684513559788087","291968491637528452032075759668470281357"],"threshold":0.9},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-4bdb2278","target":{"file":"Core/Src/usbh_ctlreq.c"}},{"digest":{"length":204,"function_hash":"82685008848690312917216062201946717037"},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-533c56cb","target":{"function":"USBH_HID_GetHIDDescriptor","file":"Class/HID/Src/usbh_hid.c"}},{"digest":{"line_hashes":["260959252536352337365984465505563015773","147384568506523324819093248178793598121","208380567881834530330500807456090466536","260959252536352337365984465505563015773","147384568506523324819093248178793598121","283928008138869119225923979136231840689"],"threshold":0.9},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Line","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-565d2823","target":{"file":"Class/HID/Src/usbh_hid.c"}},{"digest":{"length":2181,"function_hash":"249341499873474908141161298497588837300"},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-7b2bf7a1","target":{"function":"USBH_ParseCfgDesc","file":"Core/Src/usbh_ctlreq.c"}},{"digest":{"length":1364,"function_hash":"315905044694454016631705563907559952530"},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-92f272e3","target":{"function":"USBH_ParseDevDesc","file":"Core/Src/usbh_ctlreq.c"}},{"digest":{"length":575,"function_hash":"205052923788993717612071099532273944080"},"source":"https://github.com/stmicroelectronics/stm32_mw_usb_host/commit/38bc365e09b89c43b495af7261e31fe90a07335c","signature_type":"Function","signature_version":"v1","deprecated":false,"id":"CVE-2021-42553-d46330e5","target":{"function":"USBH_ParseInterfaceDesc","file":"Core/Src/usbh_ctlreq.c"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}