PT-2024-39332 · Unknown+2 · Micropython+2
Qbit
Published: 2024-09-17 · Updated: 2026-05-06 · CVE-2024-8947
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
MicroPython version 1.22.2
Description:
A critical issue has been found in the MicroPython objarray component, where resizing and copying a bytes object into itself may reference memory that has already been freed, leading to use after free. The attack can be launched remotely, but the complexity of an attack is rather high and the exploitation appears to be difficult.
Recommendations:
For MicroPython version 1.22.2, upgrade to version 1.23.0 to address this issue. As a temporary workaround, consider avoiding the resizing and copying of bytes objects into themselves in the objarray component until the patch is applied.
Exploit
Fix
Use After Free
Affected Products
Linuxmint
Micropython
Ubuntu