GMS-2020-8: Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration

October 2, 2020 (updated October 4, 2021)

If an application uses the deprecated kit protocol HALs as its communication channel to the target device, an attacker who masquerades as that device can return malformed packets of arbitrary length, which the protocol stack writes into a stack buffer without checking that they fit (a stack-based buffer overflow). The device side of the link is attacker-controlled input and must be treated as such.
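The bug class described above, shown as an added example: this is constructed code, not cryptoauthlib's HAL or kit protocol implementation, and the one-byte length prefix, the 64-byte receive buffer and all function names are assumptions made for illustration. It places a host-side receive routine that trusts the device-supplied length beside a hardened version that bounds that length against both the bytes actually received and the destination capacity before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Capacity of the fixed response buffer the host keeps on its stack.
 * Constructed for this example; not cryptoauthlib's real value. */
#define RX_BUF_SIZE 64

/* Constructed wire format: byte 0 is the payload length the device claims,
 * bytes 1.. are the payload. A device an attacker masquerades as controls both. */

/* Vulnerable pattern: the host trusts the device-supplied length and copies
 * that many bytes into the caller's fixed buffer. A claimed length greater
 * than RX_BUF_SIZE writes past the end of the buffer on the caller's stack. */
static size_t rx_unchecked(const uint8_t *wire, size_t wire_len, uint8_t *out)
{
    (void)wire_len;                  /* never consulted: that is the bug */
    size_t claimed = wire[0];
    memcpy(out, wire + 1, claimed);  /* unbounded copy into a fixed buffer */
    return claimed;
}

enum rx_status { RX_OK = 0, RX_ERR_EMPTY = 1, RX_ERR_TRUNCATED = 2, RX_ERR_TOO_LONG = 3 };

/* Hardened pattern: the claimed length is checked against the bytes actually
 * received and against the destination capacity before anything is copied. */
static enum rx_status rx_checked(const uint8_t *wire, size_t wire_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    *out_len = 0;
    if (wire_len == 0)
        return RX_ERR_EMPTY;         /* not even a length byte arrived */
    size_t claimed = wire[0];
    if (claimed > wire_len - 1)
        return RX_ERR_TRUNCATED;     /* device claims more bytes than it sent */
    if (claimed > out_cap)
        return RX_ERR_TOO_LONG;      /* would overflow the buffer: reject the frame */
    memcpy(out, wire + 1, claimed);
    *out_len = claimed;
    return RX_OK;
}

/* Constructed frames. Only the checked path is ever fed the hostile frame;
 * passing it to rx_unchecked would corrupt the stack, which is the point. */
static int benign_frame_unchecked_len(void)
{
    uint8_t frame[] = { 4, 0xDE, 0xAD, 0xBE, 0xEF };   /* honest length byte */
    uint8_t buf[RX_BUF_SIZE];
    return (int)rx_unchecked(frame, sizeof frame, buf);
}

static int benign_frame_checked_len(void)
{
    uint8_t frame[] = { 4, 0xDE, 0xAD, 0xBE, 0xEF };
    uint8_t buf[RX_BUF_SIZE];
    size_t n;
    if (rx_checked(frame, sizeof frame, buf, sizeof buf, &n) != RX_OK)
        return -1;
    return (int)n;
}

static int hostile_frame_status(void)
{
    uint8_t frame[1 + 255];          /* length byte 0xFF: 255 > RX_BUF_SIZE */
    uint8_t buf[RX_BUF_SIZE];
    size_t n;
    frame[0] = 0xFF;
    memset(frame + 1, 0x41, 255);
    return (int)rx_checked(frame, sizeof frame, buf, sizeof buf, &n);
}

static int truncated_frame_status(void)
{
    uint8_t frame[] = { 10, 0x01, 0x02 };   /* claims 10 bytes, carries 2 */
    uint8_t buf[RX_BUF_SIZE];
    size_t n;
    return (int)rx_checked(frame, sizeof frame, buf, sizeof buf, &n);
}

int main(void)
{
    printf("unchecked, benign frame:  copied %d bytes\n", benign_frame_unchecked_len());
    printf("checked,   benign frame:  copied %d bytes\n", benign_frame_checked_len());
    printf("checked,   hostile frame: status %d (3 = too long, rejected)\n", hostile_frame_status());
    printf("checked, truncated frame: status %d (2 = truncated, rejected)\n", truncated_frame_status());
    return 0;
}
```

The two checks in rx_checked are independent and both are needed: a length larger than the bytes received turns a copy into an over-read of the receive buffer, and a length larger than the destination turns it into the stack write the advisory describes. Whatever the real framing of a transport, a length that originates from the peer is untrusted until it has passed both.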

References

  • github.com/MicrochipTech/cryptoauthlib/security/advisories/GHSA-f366-4rvv-95x2
  • github.com/advisories/GHSA-f366-4rvv-95x2

Affected versions

All versions before 20200912

Fixed versions

  • 20200912

Solution

Upgrade to version 20200912 or above.

Source file

pypi/cryptoauthlib/GMS-2020-8.yml

Page generated Wed, 14 May 2025 12:14:48 +0000.