CVE-2023-7152 MEDIUM

CVE-2023-7152: MicroPython modselect.c poll_set_add_fd use after free

Vendor N/A

Product MicroPython

Weakness CWE-416

Published December 29, 2023

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.

Key dates

Disclosure timeline

December 29, 2023 CVE published

February 13, 2025 Record updated

Identifiers

CVE CVE-2023-7152

CWE CWE-416

CVSS 5.5 / MEDIUM

Affected versions

Vendor N/A

Product MicroPython

Affected 1.21.0

Vendor N/A

Product MicroPython

Affected 1.22.0-preview