CVE-2023-7158

Exploit

EPSS 1.23%
Veröffentlicht 29.12.2023 07:15:11
Zuletzt bearbeitet 21.11.2024 08:45:24
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

MicroPython objslice.c slice_indices heap-based overflow

A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 12

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Micropython ≫ Micropython Version < 1.22.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.23%	0.65

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E2HYWCZB5R4SHY4SZZZSFDMD64N4SOZ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3WWY5JY4RTJE25APB4REGDUDPATG6H7/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEK46QAJOXXDZOWOIE2YACUOCZFWOBCK/

https://github.com/micropython/micropython/issues/13007

Exploit

Issue Tracking

https://github.com/micropython/micropython/pull/13039

Issue Tracking

https://github.com/micropython/micropython/pull/13039/commits/f397a3ec318f3ad05aa287764ae7cef32202380f

Patch

https://github.com/micropython/micropython/releases/tag/v1.22.0

Release Notes

https://vuldb.com/?ctiid.249180

Third Party Advisory

Permissions Required

https://vuldb.com/?id.249180

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-7158

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-7158

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-7158

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-7158