{"id":"CVE-2021-42553","details":"A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated when using an RTOS such as FreeRTOS on STM32 MCUs.","modified":"2026-04-09T08:17:42.527055Z","published":"2022-10-21T10:15:12.470Z","references":[{"type":"FIX","url":"https://github.com/STMicroelectronics/stm32_mw_usb_host/pull/4"},{"type":"PACKAGE","url":"https://github.com/STMicroelectronics/stm32_mw_usb_host"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/stmicroelectronics/stm32_mw_usb_host","events":[{"introduced":"0"},{"fixed":"38bc365e09b89c43b495af7261e31fe90a07335c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.5.1"}]}}],"versions":["v3.3.3","v3.3.4","v3.3.5","v3.4.0","v3.4.1","v3.5.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42553.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}