VDB-277764 · CVE-2024-8946 · Issue 13006

MicroPython 1.23.0 VFS Unmount extmod/vfs.c mp_vfs_umount ବଫର୍ ଓଭରଫ୍ଲୋ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame MicroPython 1.23.0 keessatti argameera. Kan miidhamte is hojii mp_vfs_umount faayilii extmod/vfs.c keessa kutaa VFS Unmount Handler keessa. Hojii jijjiirraa gara ବଫର୍ ଓଭରଫ୍ଲୋ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-122 geessa. Dadhabbii kana yeroo 09/17/2024 maxxanfameera akka 13006. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2024-8946tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 29943546343c92334e8518695a11fc0e2ceea68b dha. Sirreeffamni dogoggoraa github.com irraa buufachuuf qophaa’eera. Yaada kennamu, rakkoo kana furuuf paachii itti fayyadamuun ni gorfama. Hanqinni kunis bu'uuraalee odeeffannoo hanqina biroo keessatti galmaa'ee jira: Tenable (235069). VulDB is the best source for vulnerability data and more expert information about this specific topic.

6 ଆଡାପ୍ଟେସନ୍ · 94 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ଅଦ୍ୟତନ 1/5 09/17/2024 08:54 PM	ଅଦ୍ୟତନ 2/5 09/18/2024 04:46 AM	ଅଦ୍ୟତନ 3/5 09/18/2024 06:08 PM	ଅଦ୍ୟତନ 4/5 09/24/2024 04:01 PM	ଅଦ୍ୟତନ 5/5 05/02/2025 06:34 AM
software_name	MicroPython	MicroPython	MicroPython	MicroPython	MicroPython
software_version	1.23.0	1.23.0	1.23.0	1.23.0	1.23.0
software_component	VFS Unmount Handler	VFS Unmount Handler	VFS Unmount Handler	VFS Unmount Handler	VFS Unmount Handler
software_file	extmod/vfs.c	extmod/vfs.c	extmod/vfs.c	extmod/vfs.c	extmod/vfs.c
software_function	mp_vfs_umount	mp_vfs_umount	mp_vfs_umount	mp_vfs_umount	mp_vfs_umount
vulnerability_cwe	CWE-122 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-122 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-122 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-122 (ବଫର୍ ଓଭରଫ୍ଲୋ)	CWE-122 (ବଫର୍ ଓଭରଫ୍ଲୋ)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	N	N	N	N	N
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	N	N	N	N	N
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	L	L	L	L	L
cvss3_vuldb_i	L	L	L	L	L
cvss3_vuldb_a	L	L	L	L	L
cvss3_vuldb_e	P	P	P	P	P
cvss3_vuldb_rl	O	O	O	O	O
cvss3_vuldb_rc	C	C	C	C	C
advisory_identifier	13006	13006	13006	13006	13006
advisory_url	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006
advisory_confirm_url	https://github.com/micropython/micropython/issues/13006#issuecomment-1820309455	https://github.com/micropython/micropython/issues/13006#issuecomment-1820309455	https://github.com/micropython/micropython/issues/13006#issuecomment-1820309455	https://github.com/micropython/micropython/issues/13006#issuecomment-1820309455	https://github.com/micropython/micropython/issues/13006#issuecomment-1820309455
exploit_availability	1	1	1	1	1
exploit_publicity	1	1	1	1	1
exploit_url	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006	https://github.com/micropython/micropython/issues/13006
countermeasure_name	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍	ପ୍ୟାଚ୍
patch_name	29943546343c92334e8518695a11fc0e2ceea68b	29943546343c92334e8518695a11fc0e2ceea68b	29943546343c92334e8518695a11fc0e2ceea68b	29943546343c92334e8518695a11fc0e2ceea68b	29943546343c92334e8518695a11fc0e2ceea68b
countermeasure_patch_url	https://github.com/micropython/micropython/commit/29943546343c92334e8518695a11fc0e2ceea68b	https://github.com/micropython/micropython/commit/29943546343c92334e8518695a11fc0e2ceea68b	https://github.com/micropython/micropython/commit/29943546343c92334e8518695a11fc0e2ceea68b	https://github.com/micropython/micropython/commit/29943546343c92334e8518695a11fc0e2ceea68b	https://github.com/micropython/micropython/commit/29943546343c92334e8518695a11fc0e2ceea68b
source_cve	CVE-2024-8946	CVE-2024-8946	CVE-2024-8946	CVE-2024-8946	CVE-2024-8946
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
software_type	Programming Language Software	Programming Language Software	Programming Language Software	Programming Language Software	Programming Language Software
cvss2_vuldb_av	N	N	N	N	N
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_au	N	N	N	N	N
cvss2_vuldb_ci	P	P	P	P	P
cvss2_vuldb_ii	P	P	P	P	P
cvss2_vuldb_ai	P	P	P	P	P
cvss2_vuldb_e	POC	POC	POC	POC	POC
cvss2_vuldb_rc	C	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF	OF
cvss4_vuldb_av	N	N	N	N	N
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	N	N	N	N	N
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	L	L	L	L	L
cvss4_vuldb_vi	L	L	L	L	L
cvss4_vuldb_va	L	L	L	L	L
cvss4_vuldb_e	P	P	P	P	P
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5	7.5	7.5
cvss2_vuldb_tempscore	5.9	5.9	5.9	5.9	5.9
cvss3_vuldb_basescore	7.3	7.3	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	7.3	7.4	7.4
cvss3_meta_tempscore	6.6	6.9	6.9	7.1	7.1
cvss4_vuldb_bscore	6.9	6.9	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5	5.5	5.5
advisory_date	1726524000 (09/17/2024)	1726524000 (09/17/2024)	1726524000 (09/17/2024)	1726524000 (09/17/2024)	1726524000 (09/17/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
response_summary	In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.
cve_nvd_summary		A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.	A vulnerability was found in MicroPython 1.23.0. It has been classified as critical. Affected is the function mp_vfs_umount of the file extmod/vfs.c of the component VFS Unmount Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 29943546343c92334e8518695a11fc0e2ceea68b. It is recommended to apply a patch to fix this issue. In the VFS unmount process, the comparison between the mounted path string and the unmount requested string is based solely on the length of the unmount string, which can lead to a heap buffer overflow read.
cvss3_cna_av		N	N	N	N
cvss3_cna_ac		L	L	L	L
cvss3_cna_pr		N	N	N	N
cvss3_cna_ui		N	N	N	N
cvss3_cna_s		U	U	U	U
cvss3_cna_c		L	L	L	L
cvss3_cna_i		L	L	L	L
cvss3_cna_a		L	L	L	L
cvss3_cna_basescore		7.3	7.3	7.3	7.3
cvss2_cna_av		N	N	N	N
cvss2_cna_ac		L	L	L	L
cvss2_cna_au		N	N	N	N
cvss2_cna_ci		P	P	P	P
cvss2_cna_ii		P	P	P	P
cvss2_cna_ai		P	P	P	P
cvss2_cna_basescore		7.5	7.5	7.5	7.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en MicroPython 1.23.0. Se ha clasificado como crítica. Se ve afectada la función mp_vfs_umount del archivo extmod/vfs.c del componente VFS Unmount Handler. La manipulación provoca un desbordamiento del búfer basado en el montón. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y se puede utilizar. El nombre del parche es 29943546343c92334e8518695a11fc0e2ceea68b. Se recomienda aplicar un parche para solucionar este problema. En el proceso de desmontaje de VFS, la comparación entre la cadena de ruta montada y la cadena solicitada de desmontaje se basa únicamente en la longitud de la cadena de desmontaje, lo que puede provocar una lectura de desbordamiento del búfer del montón.	Se ha encontrado una vulnerabilidad en MicroPython 1.23.0. Se ha clasificado como crítica. Se ve afectada la función mp_vfs_umount del archivo extmod/vfs.c del componente VFS Unmount Handler. La manipulación provoca un desbordamiento del búfer basado en el montón. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y se puede utilizar. El nombre del parche es 29943546343c92334e8518695a11fc0e2ceea68b. Se recomienda aplicar un parche para solucionar este problema. En el proceso de desmontaje de VFS, la comparación entre la cadena de ruta montada y la cadena solicitada de desmontaje se basa únicamente en la longitud de la cadena de desmontaje, lo que puede provocar una lectura de desbordamiento del búfer del montón.	Se ha encontrado una vulnerabilidad en MicroPython 1.23.0. Se ha clasificado como crítica. Se ve afectada la función mp_vfs_umount del archivo extmod/vfs.c del componente VFS Unmount Handler. La manipulación provoca un desbordamiento del búfer basado en el montón. Es posible lanzar el ataque de forma remota. El exploit se ha hecho público y se puede utilizar. El nombre del parche es 29943546343c92334e8518695a11fc0e2ceea68b. Se recomienda aplicar un parche para solucionar este problema. En el proceso de desmontaje de VFS, la comparación entre la cadena de ruta montada y la cadena solicitada de desmontaje se basa únicamente en la longitud de la cadena de desmontaje, lo que puede provocar una lectura de desbordamiento del búfer del montón.
cvss3_nvd_av				N	N
cvss3_nvd_ac				L	L
cvss3_nvd_pr				N	N
cvss3_nvd_ui				N	N
cvss3_nvd_s				U	U
cvss3_nvd_c				N	N
cvss3_nvd_i				N	N
cvss3_nvd_a				H	H
cvss3_nvd_basescore				7.5	7.5
nessus_id					235069
nessus_name					Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Micropython vulnerabilities (USN-7472-1)

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!