Espressif ESP-IDF USB Host UVC Class Driver has a stack buffer overflow in UVC descriptor printing
Description
Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB Video Class (UVC) device to trigger a stack buffer overflow during configuration-descriptor parsing. When UVC configuration-descriptor printing is enabled, the host prints detailed descriptor information provided by the connected USB device. A specially crafted UVC descriptor may advertise an excessively large length. Because this value is not validated before being copied into a fixed-size stack buffer, an attacker can overflow the buffer and corrupt memory. This vulnerability is fixed in 2.4.0.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- components.espressif.com/components/espressif/usb_host_uvc/versions/2.4.0/changelogmitrex_refsource_MISC
- github.com/espressif/esp-usb/commit/77a38b15a17f6e3c7aeb620eb4aeaf61d5194cc0mitrex_refsource_MISC
- github.com/espressif/esp-usb/security/advisories/GHSA-g65h-9ggq-9827mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.