PT-2023-8211 · Unknown · Micropython

Qbit

Published

2023-12-28

Updated

2024-06-15

CVE-2023-7158

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MicroPython versions prior to 1.22.0

Description A critical issue in MicroPython is related to the slice indices function in the objslice.c file, which can lead to a heap-based buffer overflow. This can be exploited remotely, potentially affecting the confidentiality, integrity, and availability of protected information. The issue has been disclosed publicly and may be used by attackers.

Recommendations For MicroPython versions prior to 1.22.0, upgrade to version 1.22.0 to address this issue. As a temporary workaround, consider restricting access to the slice indices function in the objslice.c file until the upgrade is applied.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

BDU:2024-00209

CVE-2023-7158

OPENSUSE-SU-2024:13566-1

Affected Products

Micropython

PT-2023-8211 · Unknown · Micropython

CVE-2023-7158

Weakness Enumeration

Related Identifiers

Affected Products

References · 24