Wonil Jang

#15661 of 53,633
17.3 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2023-32911
9.8
2023-12-28
Unknown · Micropython · CVE-2023-7152
**Name of the Vulnerable Software and Affected Versions**
MicroPython versions 1.21.0 through 1.22.0-preview

**Description**
A critical issue has been found in the function `poll_set_add_fd` of the file `extmod/modselect.c`, leading to use after free. The exploit has been disclosed to the public and may be used.

**Recommendations**
To fix this issue, apply the patch identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. As a temporary workaround, consider disabling the `poll_set_add_fd` function until the patch is applied.

PT-2023-8333
7.5
2023-12-25
Sqlite · Sqlite · CVE-2023-7104
**Name of the Vulnerable Software and Affected Versions**
SQLite versions up to 3.43.0

**Description**
A critical issue affects the `sessionReadRecord` function of the file `ext/session/sqlite3session.c`, leading to a heap-based buffer overflow. This can be exploited by a remote attacker to impact confidentiality, integrity, and availability. The manipulation involves improper bounds checking, allowing a specially crafted request to overflow a buffer and potentially execute arbitrary code on the system.

**Recommendations**
For SQLite versions up to 3.43.0, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the `sessionReadRecord` function until a patch is available.