Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-vh3x-525m-jp4r

GitHub Security Advisory

heap-buffer-overflow in MicroPython

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.

Affected Packages

PyPI micropython-copy
Affected versions: 0 (last affected: 3.3.3.post3)
PyPI micropython-io
Affected versions: 0 (last affected: 0.1)
PyPI micropython-os
Affected versions: 0 (last affected: 0.8)

Related CVEs

CVE-2024-8948

Key Information

GHSA ID
GHSA-vh3x-525m-jp4r
Published
September 17, 2024 9:30 PM
Last Modified
September 24, 2024 5:34 PM
CVSS Score
5.0 /10
Primary Ecosystem
PyPI
Primary Package
micropython-copy
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 15, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.