MicroPython VFS Unmount vfs.c mp_vfs_umount heap-based overflow

A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

堆缓冲区溢出

MicroPython 安全漏洞

MicroPython是MicroPython开源的一个小型的开源Python编程语言解释器。 MicroPython 1.23.0版本存在安全漏洞，该漏洞源于VFS Unmount Handler组件中的mp_vfs_umount函数，在VFS卸载过程中，仅基于卸载字符串的长度来比较挂载路径字符串和卸载请求字符串，这可能导致堆缓冲区溢出读取。

N/A

N/A