### [CVE-2021-42553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42553)
![](https://img.shields.io/static/v1?label=Product&message=STM32%20USB%20Host%20Library&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=all%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=buffer%20overflow&color=brightgreen)

### Description

A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using a RTOS such as FreeRTOS on STM32 MCUs.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/STMicroelectronics/stm32_mw_usb_host
- https://github.com/rtek1000/stm32_mw_usb_host-modified