Zoltan Madarassy

**Name of the Vulnerable Software and Affected Versions** STMicroelectronics STSAFE-A1xx versions prior to 3.3.7 X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications version 1.2.0 **Description** The issue allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an `StSafeA ReceiveBytes` buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications, and thus can affect user-written code that was derived from a published sample application. **Recommendations** For STMicroelectronics STSAFE-A1xx versions prior to 3.3.7, update to version 3.3.7 or later to resolve the issue. For X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications version 1.2.0, consider disabling the `StSafeA ReceiveBytes` function until a patch is available. As a temporary workaround, restrict access to the I2C bus to minimize the risk of exploitation.