Espressif USB Host UVC Class Driver
cpe:2.3:a:espressif:esp-idf:*:*:*:*:*:*:*
- < 2.4.0
A stack buffer overflow vulnerability has been identified in the Espressif USB Host UVC Class Driver in versions prior to 2.4.0. A malicious USB Video Class (UVC) device attached to the host can trigger the overflow while the driver parses the device's configuration descriptors. The vulnerable path is reached when UVC descriptor printing is enabled: in that mode the host prints detailed information from each descriptor the connected device reports. A specially crafted UVC descriptor that advertises an excessively large length (the device-supplied bLength field) is not validated against the size of the fixed-size stack buffer it is copied into, so the copy writes past the end of the buffer and corrupts the stack. The attacker needs only to present such a device to the host; no authentication or prior access to the firmware is required.
Exploitation of this vulnerability can cause a system crash or potentially allow an attacker to execute arbitrary code by corrupting memory in a way that alters the program's control flow.
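The following is an added illustration of the bug class described above, not code from the Espressif driver: a minimal descriptor walker that trusts the device-supplied bLength (the vulnerable pattern) beside a hardened version that checks bLength against both the bytes remaining in the descriptor stream and the fixed-size stack buffer before copying. The descriptor bytes, the 32-byte buffer size and the function names are constructed for the example and are assumptions, not values from the advisory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DESC_TYPE_CS_INTERFACE 0x24   /* UVC class-specific interface descriptor */
#define PRINT_BUF_SIZE 32             /* assumed size of the fixed stack buffer */

enum { UVC_ERR_SHORT = -1, UVC_ERR_TRUNCATED = -2, UVC_ERR_TOO_LONG = -3 };

/* Constructed: a well-formed VC interface header descriptor (bLength = 13). */
static const uint8_t g_benign_desc[] = {
    0x0D, 0x24, 0x01, 0x10, 0x01, 0x0D, 0x00, 0x00, 0x6C, 0xDC, 0x02, 0x01, 0x01
};

/* Constructed: the benign descriptor followed by a malicious one whose
 * bLength (0x40 = 64) exceeds PRINT_BUF_SIZE while still fitting the stream.
 * Unlisted bytes are zero-filled. */
static const uint8_t g_config_with_oversize[13 + 64] = {
    0x0D, 0x24, 0x01, 0x10, 0x01, 0x0D, 0x00, 0x00, 0x6C, 0xDC, 0x02, 0x01, 0x01,
    0x40, 0x24, 0x01
};

/* Constructed: a descriptor claiming bLength = 0, which would stall a walker. */
static const uint8_t g_zero_len_desc[] = { 0x00, 0x24 };

/* VULNERABLE pattern (illustrative reconstruction, not the driver's code):
 * the device-controlled bLength is used as the copy size with no check, so a
 * bLength above PRINT_BUF_SIZE writes past buf and corrupts the stack. */
void uvc_print_descriptor_unchecked(const uint8_t *desc)
{
    uint8_t buf[PRINT_BUF_SIZE];
    size_t blen = desc[0];               /* bLength, fully attacker controlled */
    memcpy(buf, desc, blen);             /* stack overflow when blen > 32 */
    printf("type 0x%02x len %zu:", buf[1], blen);
    for (size_t i = 0; i < blen && i < PRINT_BUF_SIZE; i++) printf(" %02x", buf[i]);
    printf("\n");
}

/* HARDENED: validate bLength before it is used as a length anywhere.
 * Returns the number of bytes consumed, or a negative UVC_ERR_* code. */
int uvc_print_descriptor_checked(const uint8_t *desc, size_t remaining)
{
    uint8_t buf[PRINT_BUF_SIZE];
    if (remaining < 2) return UVC_ERR_SHORT;      /* need bLength + bDescriptorType */
    size_t blen = desc[0];
    if (blen < 2) return UVC_ERR_SHORT;           /* zero/one-byte descriptors are invalid */
    if (blen > remaining) return UVC_ERR_TRUNCATED; /* claims more than the stream holds */
    if (blen > sizeof buf) return UVC_ERR_TOO_LONG; /* would overflow the stack buffer */
    memcpy(buf, desc, blen);
    printf("type 0x%02x len %zu:", buf[1], blen);
    for (size_t i = 0; i < blen; i++) printf(" %02x", buf[i]);
    printf("\n");
    return (int)blen;
}

/* Walk a whole configuration stream with the checked printer.
 * Returns the count of class-specific interface descriptors, or the first error. */
int uvc_walk_descriptors(const uint8_t *cfg, size_t total)
{
    size_t off = 0;
    int cs_count = 0;
    while (off < total) {
        int n = uvc_print_descriptor_checked(cfg + off, total - off);
        if (n < 0) return n;                       /* stop at the first bad descriptor */
        if (cfg[off + 1] == DESC_TYPE_CS_INTERFACE) cs_count++;
        off += (size_t)n;
    }
    return cs_count;
}

int main(void)
{
    uvc_print_descriptor_unchecked(g_benign_desc);  /* fine on honest input */
    printf("benign walk: %d\n", uvc_walk_descriptors(g_benign_desc, sizeof g_benign_desc));
    printf("malicious walk: %d\n",
           uvc_walk_descriptors(g_config_with_oversize, sizeof g_config_with_oversize));
    return 0;
}
```

The order of the checks matters: the bLength must be bounded by the bytes actually received from the device before it is compared with the destination buffer, otherwise a truncated stream can still be over-read, and a bLength below 2 must be rejected or the walker never advances. Calling the unchecked printer on the oversize descriptor is deliberately not done here because it would corrupt the stack.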
Users can upgrade to Espressif USB Host UVC Class Driver version 2.4.0 or later, where this vulnerability has been fixed. The update is available through the Espressif Component Registry.