CVE-2024-8947

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 1.23.0 is able to address this issue. The identifier of the patch is 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to upgrade the affected component. In micropython objarray component, when a bytes object is resized and copied into itself, it may reference memory that has already been freed.
Configurations

Configuration 1 (hide)

cpe:2.3:a:micropython:micropython:1.22.2:*:*:*:*:*:*:*

History

24 Sep 2024, 13:17

Type Values Removed Values Added
CPE cpe:2.3:a:micropython:micropython:1.22.2:*:*:*:*:*:*:*
References () https://github.com/micropython/micropython/commit/4bed614e707c0644c06e117f848fa12605c711cd - () https://github.com/micropython/micropython/commit/4bed614e707c0644c06e117f848fa12605c711cd - Patch
References () https://github.com/micropython/micropython/issues/13283 - () https://github.com/micropython/micropython/issues/13283 - Exploit, Third Party Advisory
References () https://github.com/micropython/micropython/issues/13283#issuecomment-1918479709 - () https://github.com/micropython/micropython/issues/13283#issuecomment-1918479709 - Exploit, Third Party Advisory
References () https://github.com/micropython/micropython/releases/tag/v1.23.0 - () https://github.com/micropython/micropython/releases/tag/v1.23.0 - Release Notes
References () https://vuldb.com/?ctiid.277765 - () https://vuldb.com/?ctiid.277765 - Permissions Required
References () https://vuldb.com/?id.277765 - () https://vuldb.com/?id.277765 - Third Party Advisory
References () https://vuldb.com/?submit.409316 - () https://vuldb.com/?submit.409316 - Third Party Advisory
CVSS v2 : 5.1
v3 : 5.6
v2 : 5.1
v3 : 8.1
First Time Micropython
Micropython micropython

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en MicroPython 1.22.2. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo py/objarray.c. La manipulación conduce a un uso después de la liberación. El ataque se puede lanzar de forma remota. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. La actualización a la versión 1.23.0 puede solucionar este problema. El identificador del parche es 4bed614e707c0644c06e117f848fa12605c711cd. Se recomienda actualizar el componente afectado. En el componente objarray de micropython, cuando se cambia el tamaño de un objeto de bytes y se copia en sí mismo, puede hacer referencia a la memoria que ya se ha liberado.

17 Sep 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 19:15

Updated : 2024-09-24 13:17


NVD link : CVE-2024-8947

Mitre link : CVE-2024-8947

CVE.ORG link : CVE-2024-8947


JSON object : View

Products Affected

micropython

  • micropython
CWE
CWE-416

Use After Free