Name of the Vulnerable Software and Affected Versions cryptoauthlib versions prior to 3.2.3

Description The issue allows an attacker to masquerade as a device and return malformed packets of arbitrary length, which the protocol stack will write to the stack, potentially causing a crash. This affects applications using the deprecated kit protocol HALs for communication. The hidapi HAL can also be made to overrun the application stack by attaching more than 10 devices, likely resulting in an application crash.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider compiling the library without the usb support option to minimize the risk of exploitation. Restrict access to the deprecated kit protocol HALs to prevent potential attacks. For python packages, update to version 20200912 or later.