CVE-2023-7158 HIGH

CVE-2023-7158: MicroPython objslice.c slice_indices heap-based overflow

Vendor N/A
Product MicroPython
Weakness CWE-122
Published December 29, 2023
Last update February 13, 2025

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. The affected function is slice_indices in the file objslice.c. The manipulation leads to a heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 addresses this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180.

Key dates

Disclosure timeline

December 29, 2023 CVE published
February 13, 2025 Record updated