CVE-2023-7152
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-7152
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-7152.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-7152
- Aliases
- Downstream
- Published
- 2023-12-29T05:15:09Z
- Modified
- 2025-10-25T12:19:30.230531Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function pollsetadd_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.
- References
-
- https://vuldb.com/?ctiid.249158
- https://vuldb.com/?id.249158
- https://github.com/micropython/micropython/issues/12887
- https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4E2HYWCZB5R4SHY4SZZZSFDMD64N4SOZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D3WWY5JY4RTJE25APB4REGDUDPATG6H7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEK46QAJOXXDZOWOIE2YACUOCZFWOBCK/
Affected packages
Git / github.com/jimmo/micropython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jimmo/micropython
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v1.*
v1.0
v1.0-rc1
v1.0.1
v1.1
v1.1.1
v1.2
v1.3
v1.3.1
v1.3.10
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.3.8
v1.3.9
v1.4
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.5
v1.5.1
v1.5.2
v1.6
v1.7
v1.8
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.9
v1.9.1
v1.9.2
v1.9.3
Database specific
vanir_signatures
[
{
"id": "CVE-2023-7152-25f6c61c",
"target": {
"file": "extmod/modselect.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"100514678993952764631001232513906537474",
"184635985177277776058266799635677985380",
"164230940075714143062822397552674040199",
"228660635332080749222774965009048948408",
"28995778423837000612302589737259141075",
"18652610911259546864168799773277061273",
"286860532521091533751639708115663559090",
"224462232164678787202293072350156611568",
"240308530618914926892437594634708463221",
"84432039754077587633886216482598820342",
"268424210313647838700403150769473988174",
"321210418996263357512097437121534983644"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26",
"signature_type": "Line"
},
{
"id": "CVE-2023-7152-b41c5cce",
"target": {
"function": "poll_set_add_fd",
"file": "extmod/modselect.c"
},
"signature_version": "v1",
"digest": {
"length": 591.0,
"function_hash": "160868559766814285633166252859406262810"
},
"deprecated": false,
"source": "https://github.com/jimmo/micropython/commit/8b24aa36ba978eafc6114b6798b47b7bfecdca26",
"signature_type": "Function"
}
]