QwikSec

Security Database

CVE

CWE

Training

CVE-2023-7152

Published: Dec 29, 2023

Modified: Feb 13, 2025

PUBLISHED

CVSS v3.1

5.5

MEDIUM

Description

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.

Vendor	Product	Versions
n/a	MicroPython	affected `1.21.0` affected `1.22.0-preview`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://vuldb.com/?id.249158

vdb-entry

technical-description

https://vuldb.com/?ctiid.249158

signature

permissions-required

https://github.com/micropython/micropython/issues/12887

exploit

issue-tracking

https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26

patch

https://lists.fedoraproject.org/archives/list/[email protected]/message/TEK46QAJOXXDZOWOIE2YACUOCZFWOBCK/

https://lists.fedoraproject.org/archives/list/[email protected]/message/4E2HYWCZB5R4SHY4SZZZSFDMD64N4SOZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/D3WWY5JY4RTJE25APB4REGDUDPATG6H7/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.