Source: micropython
Version: 1.22.1+ds-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,

The following vulnerabilities were published for micropython.

CVE-2024-8946[0]:
| A vulnerability was found in MicroPython 1.23.0. It has been
| classified as critical. Affected is the function mp_vfs_umount of
| the file extmod/vfs.c of the component VFS Unmount Handler. The
| manipulation leads to heap-based buffer overflow. It is possible to
| launch the attack remotely. The exploit has been disclosed to the
| public and may be used. The name of the patch is
| 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply
| a patch to fix this issue. In the VFS unmount process, the
| comparison between the mounted path string and the unmount requested
| string is based solely on the length of the unmount string, which
| can lead to a heap buffer overflow read.

CVE-2024-8947[1]:
| A vulnerability was found in MicroPython 1.22.2. It has been
| declared as critical. Affected by this vulnerability is an unknown
| functionality of the file py/objarray.c. The manipulation leads to
| use after free. The attack can be launched remotely. The complexity
| of an attack is rather high. The exploitation appears to be
| difficult. Upgrading to version 1.23.0 is able to address this
| issue. The identifier of the patch is
| 4bed614e707c0644c06e117f848fa12605c711cd. It is recommended to
| upgrade the affected component. In the micropython objarray component,
| when a bytes object is resized and copied into itself, it may
| reference memory that has already been freed.

CVE-2024-8948[2]:
| A vulnerability was found in MicroPython 1.23.0. It has been rated
| as critical. Affected by this issue is the function mpz_as_bytes of
| the file py/objint.c. The manipulation leads to heap-based buffer
| overflow. The attack may be launched remotely. The exploit has been
| disclosed to the public and may be used. The patch is identified as
| 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply
| a patch to fix this issue. In the micropython objint component,
| converting zero from int to bytes leads to a heap buffer-overflow
| write at mpz_as_bytes.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-8946
    https://www.cve.org/CVERecord?id=CVE-2024-8946
[1] https://security-tracker.debian.org/tracker/CVE-2024-8947
    https://www.cve.org/CVERecord?id=CVE-2024-8947
[2] https://security-tracker.debian.org/tracker/CVE-2024-8948
    https://www.cve.org/CVERecord?id=CVE-2024-8948

Regards,
Salvatore
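The path-comparison flaw behind CVE-2024-8946, as an added illustration that is not part of this report and not MicroPython's own code: a mount-table lookup that matches the request against the mounted path using only the request's length, next to the corrected check that compares both lengths before comparing bytes. The function names, the path strings and the `mounted_len`/`req_len` parameters are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Weak check, modelled on the defect described for mp_vfs_umount: only the
 * first req_len bytes are compared and mounted_len is never consulted.
 * With a request longer than the mounted path, a raw memcmp over req_len
 * bytes would read past the end of the mounted string (the heap over-read);
 * strncmp is used here so the demonstration itself stays within bounds.
 * A request that is merely a prefix of the mounted path matches falsely. */
static bool mount_matches_weak(const char *mounted, size_t mounted_len,
                               const char *req, size_t req_len) {
    (void)mounted_len;  /* the flaw: the mounted path's length is ignored */
    return strncmp(mounted, req, req_len) == 0;
}

/* Corrected check: the lengths must agree before any bytes are compared,
 * so memcmp never reads beyond either buffer and a prefix cannot match. */
static bool mount_matches_fixed(const char *mounted, size_t mounted_len,
                                const char *req, size_t req_len) {
    if (mounted_len != req_len) {
        return false;
    }
    return memcmp(mounted, req, req_len) == 0;
}

/* Constructed case: the mount "/flash" and an unmount request for "/fl".
 * Returns 1 when the weak check accepts the prefix that the fixed check
 * rejects, i.e. when the two checks disagree exactly as described. */
int demo_prefix_mismatch(void) {
    const char *mounted = "/flash";
    const char *req = "/fl";
    bool weak = mount_matches_weak(mounted, strlen(mounted), req, strlen(req));
    bool fixed = mount_matches_fixed(mounted, strlen(mounted), req, strlen(req));
    return (weak && !fixed) ? 1 : 0;
}
```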