Description

A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.

INFO

Published Date :

2024-09-17T18:50:17.599Z

Last Modified :

2024-09-17T20:07:19.189Z

Source :

VulDB
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8948 vulnerability.

Vendors Products
Micropython
  • Micropython
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8948.

URL Resource
https://github.com/micropython/micropython/commit/908ab1ceca15ee6fd0ef82ca4cba770a3ec41894 cve-icon cve-icon
https://github.com/micropython/micropython/issues/13041 cve-icon cve-icon
https://vuldb.com/?ctiid.277766 cve-icon cve-icon
https://vuldb.com/?id.277766 cve-icon cve-icon
https://vuldb.com/?submit.409317 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Access Vector
Access Complexity
Authentication
Confidentiality Impact
Integrity Impact
Availability Impact