Qbit

Name of the Vulnerable Software and Affected Versions: MicroPython version 1.23.0 Description: A critical issue has been found in the VFS Unmount Handler component, specifically in the function `mp vfs umount` of the file `extmod/vfs.c`. This issue leads to a heap-based buffer overflow. The attack can be launched remotely. The comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read. Recommendations: To fix this issue, it is recommended to apply a patch, specifically the one with the name `29943546343c92334e8518695a11fc0e2ceea68b`. As a temporary workaround, consider disabling the `mp vfs umount` function until a patch is available. Restrict access to the `extmod/vfs.c` file to minimize the risk of exploitation. Avoid using the VFS unmount process until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MicroPython version 1.22.2 Description: A critical issue has been found in the MicroPython objarray component, where resizing and copying a bytes object into itself may reference memory that has already been freed, leading to use after free. The attack can be launched remotely, but the complexity of an attack is rather high and the exploitation appears to be difficult. Recommendations: For MicroPython version 1.22.2, upgrade to version 1.23.0 to address this issue. As a temporary workaround, consider avoiding the resizing and copying of bytes objects into themselves in the objarray component until the patch is applied.

Name of the Vulnerable Software and Affected Versions: MicroPython version 1.23.0 Description: A critical issue has been found, affecting the `mpz as bytes` function of the file py/objint.c. This issue leads to a heap-based buffer overflow. The attack can be launched remotely. The problem arises when converting zero from int to bytes, resulting in a heap buffer-overflow-write at `mpz as bytes`. Recommendations: For MicroPython version 1.23.0, apply a patch to fix this issue, specifically the patch identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. As a temporary workaround, consider disabling the `mpz as bytes` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MicroPython versions 1.21.0 through 1.22.0-preview **Description** A critical issue has been found in the function `poll set add fd` of the file `extmod/modselect.c`, leading to use after free. The exploit has been disclosed to the public and may be used. **Recommendations** To fix this issue, apply the patch identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. As a temporary workaround, consider disabling the `poll set add fd` function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** MicroPython versions prior to 1.22.0 **Description** A critical issue in MicroPython is related to the `slice indices` function in the `objslice.c` file, which can lead to a heap-based buffer overflow. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The issue has been disclosed publicly and may be used by attackers. **Recommendations** For MicroPython versions prior to 1.22.0, upgrade to version 1.22.0 to address this issue. As a temporary workaround, consider restricting access to the `slice indices` function in the `objslice.c` file until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** SQLite versions up to 3.43.0 **Description** A critical issue affects the `sessionReadRecord` function of the file ext/session/sqlite3session.c, leading to a heap-based buffer overflow. This can be exploited by a remote attacker to impact confidentiality, integrity, and availability. The manipulation involves improper bounds checking, allowing a specially crafted request to overflow a buffer and potentially execute arbitrary code on the system. **Recommendations** For SQLite versions up to 3.43.0, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the `sessionReadRecord` function until a patch is available.