New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No validity chekcing on the variable dev_desc->bMaxPacketSize #75
Comments
|
Hi @TheSilentDawn, Thank you for your interest in our products and software solutions. Thank you also for this report and for all the other ones. They will be transmitted to our development teams for analysis. However, may I first ask you whether these cases you are reporting (or at least some of them) are real error cases you faced while using our library or simulated test cases you designed based on a code review? Thank you in advance for your answer. With regards, |
|
Hi, @ALABSTM, |
|
Hi @TheSilentDawn, Thank you for your contribution. All the reports you sent will be forwarded to our development teams. I will get back to you as soon as they provide me with their feedback. Thank you again for your contribution and thank you in advance for your patience. With regards, |
|
Hi @TheSilentDawn, I hope you are doing well. Our technical committee discussed the several points you reported. Actions will be taken to make the necessary updates. I will keep you informed. Any news or progress from your side? Thank you for your answer and thank you once more for your contribution. With regards, |
|
ST Internal Reference: 99173 |
|
@ALABSTM @CCASTM @Tombana @RKOUSTM I'm a Ph.D. student from the University of Chinese Academy of Sciences and the University of Georgia. We are working on a fuzzing tool for automatic bug discovery. In the past year, I have reported several bugs that influence the MCU product line of STMicroelectronics. Some other STMicroelectronics engineers and your team have confirmed with us and the reported bugs have been patched. Currently, we are working on a research paper that systematically describes our new method. I wonder if your team can help apply for CVE IDs for these bugs so that we can refer to these CVE IDs and state our responsible disclosure with confidence. Thanks for your help. If you want, we can also send you a draft of our paper before submission so that you can check whether the wording is appropriate. Below is a list of relevant bugs we reported. [STM PLC] We look forwards to your reply. Sincerely, |
|
Hello @TheSilentDawn, You request will be reported to our development team to see whether it is possible to address it. However, as the PLC-related list of posts on the ST Community has not been confirmed yet, I can only formulate the request for the USB-related list you reported on this repository. I will keep you informed should there be any news. Please try to contact the ST Community administrators to ask for a feedback about the PLC-related list of potential vulnerabilities. With regards, |
|
Hi @ALABSTM , |
|
Hi @ALABSTM |
Hello, Kind Regards, |
|
Issue fixed in USB Host V3.4.0 |
|
Hi @TheSilentDawn, Hope you're fine. Just to inform you the fix has been published in the frame of v1.10.0 release. With regards, |
Describe the set-up
Describe the bug
Function:
Location:
STM32CubeH7/Middlewares/ST/STM32_USB_Host_Library/Core/Src/usbh_ctlreq.c
Line 355 in 79196b0
Type:
Result:
Description:
STM32CubeH7/Middlewares/ST/STM32_USB_Host_Library/Core/Src/usbh_ctlreq.c
Line 355 in 79196b0
STM32CubeH7/Middlewares/ST/STM32_USB_Host_Library/Core/Src/usbh_core.c
Line 828 in 79196b0
How To Reproduce
Running MSC_Standalone application on the STM32H7B3I platform
Plug a USB disk
Use the attached Bug1.txt to replace the USB device packet. Bug1.txt
Additional context
The text was updated successfully, but these errors were encountered: