Micropython
CVE-2023-7152
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.
AnalysisAI
A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. Affected products include: Micropython.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.
More in Micropython
View allA vulnerability was found in MicroPython up to 1.21.0. Rated critical severity (CVSS 9.8), this vulnerability is remotel
A vulnerability was found in MicroPython 1.23.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploi
A vulnerability was found in MicroPython 1.23.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploi
A vulnerability was found in MicroPython 1.22.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploi
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/
Same weakness CWE-416 – Use After Free
View allSame technique Use After Free
View allShare
External POC / Exploit Code
Leaving vuln.today