STMicroelectronics · STM32 MW USB Host · CVE-2021-42553
**Name of the Vulnerable Software and Affected Versions**
stm32_mw_usb_host versions prior to 3.5.1
**Description**
A buffer overflow allows an attacker to execute arbitrary code when the descriptor contains more endpoints than `USBH_MAX_NUM_ENDPOINTS`. This typically occurs when using an RTOS such as FreeRTOS on STM32 MCUs.
**Recommendations**
Update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the number of endpoints in the descriptor so that it does not exceed `USBH_MAX_NUM_ENDPOINTS`.
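
The bound check that the description and the workaround both come down to, as an added example (not the STM32 USB Host library's code and not the fix shipped in 3.5.1): a simplified parser that rejects an interface descriptor declaring more endpoints than its fixed-size table holds. `MAX_EP`, the struct and function names, and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_EP 2U  /* stands in for USBH_MAX_NUM_ENDPOINTS; the value 2 is assumed */

typedef struct { uint8_t addr, attr; uint16_t max_packet; } ep_t;
typedef struct { uint8_t num_ep; ep_t ep[MAX_EP]; } itf_t;  /* fixed-size endpoint table */

/* Constructed sample descriptors (interface + endpoints), not from a real device. */
static const uint8_t sample_ok[] = {9,4,0,0,2,8,6,0x50,0, 7,5,0x81,2,0x40,0,0, 7,5,0x02,2,0x40,0,0};
static const uint8_t sample_too_many[] = {9,4,0,0,3,8,6,0x50,0, 7,5,0x81,2,0x40,0,0,
                                          7,5,0x02,2,0x40,0,0, 7,5,0x83,3,8,0,10};

/* Parse one interface descriptor plus its endpoint descriptors from device-supplied
 * bytes. Returns 0 on success, -1 if malformed or if too many endpoints are declared. */
int parse_interface(const uint8_t *buf, size_t len, itf_t *out)
{
    size_t off;
    uint8_t declared, stored = 0;
    memset(out, 0, sizeof(*out));
    if (len < 9U || buf[0] < 9U || buf[0] > len || buf[1] != 0x04U)
        return -1;                       /* not a complete interface descriptor */
    declared = buf[4];                   /* bNumEndpoints comes from the device */
    if (declared > MAX_EP)
        return -1;                       /* refuse rather than write past ep[] */
    off = buf[0];
    while (stored < declared) {
        uint8_t dlen, dtype;
        if (len - off < 2U)
            return -1;                   /* ran out of bytes before all endpoints */
        dlen = buf[off];
        dtype = buf[off + 1U];
        if (dlen < 2U || dlen > len - off)
            return -1;                   /* bLength must stay inside the buffer */
        if (dtype == 0x05U) {            /* endpoint descriptor */
            if (dlen < 7U)
                return -1;
            out->ep[stored].addr = buf[off + 2U];
            out->ep[stored].attr = buf[off + 3U];
            out->ep[stored].max_packet = (uint16_t)(buf[off + 4U] | (buf[off + 5U] << 8));
            stored++;
        }
        off += dlen;
    }
    out->num_ep = stored;
    return 0;
}
/* Convenience wrapper: number of endpoints accepted, or -1 if the descriptor is rejected. */
int count_endpoints(const uint8_t *b, size_t n) { itf_t i; return parse_interface(b, n, &i) ? -1 : i.num_ep; }
int main(void) { return count_endpoints(sample_ok, sizeof sample_ok) == 2 ? 0 : 1; }
```

Rejecting the descriptor outright, rather than silently truncating the endpoint list, keeps the stored count and the table contents consistent for later code that iterates over them.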