Out-of-bounds Write
CVE-2024-8946
Summary
A vulnerability was found in micropython versions prior to v1.24.0 and has been classified as critical. The affected function is "mp_vfs_umount" in the file "extmod/vfs.c" of the VFS Unmount Handler component. The manipulation leads to a Heap-Based Buffer Overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-787 - Out-of-Bounds Write
Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.
References
Advisory Timeline
- Published
