Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MicroPython objint.c mpz_as_bytes heap-based overflow
Vulnerability Description
A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
MicroPython 安全漏洞
Vulnerability Description
MicroPython是MicroPython开源的一个小型的开源Python编程语言解释器。 MicroPython 1.23.0版本存在安全漏洞,该漏洞源于py/objint.c文件中的mpz_as_bytes函数,在将整数转换为字节时会导致堆缓冲区溢写出错。
CVSS Information
N/A
Vulnerability Type
N/A