CVE-2023-7152

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-7152
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-7152.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-7152
Aliases
Related
Published
2023-12-29T05:15:09Z
Modified
2025-02-14T11:51:04.573532Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function pollsetadd_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.

References

Affected packages

Git / github.com/jimmo/micropython

Affected ranges

Type
GIT
Repo
https://github.com/jimmo/micropython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8b24aa36ba978eafc6114b6798b47b7bfecdca26
Fixed
8b24aa36ba978eafc6114b6798b47b7bfecdca26
Type
GIT
Repo
https://github.com/micropython/micropython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
69e34b6b6bdf45bc1111777c46839a8b5fcb30bd
Last affected
e00a144008f368df878c12606fdbf651af2a1dc0

Affected versions

v1.*

v1.0
v1.0-rc1
v1.0.1
v1.1
v1.1.1
v1.10
v1.11
v1.12
v1.13
v1.14
v1.15
v1.16
v1.17
v1.18
v1.19
v1.19.1
v1.2
v1.20.0
v1.21.0
v1.22.0-preview
v1.3
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.5
v1.5.1
v1.5.2
v1.6
v1.7
v1.8
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.9
v1.9.1
v1.9.2
v1.9.3
v1.9.4