CVE-2024-8947

CVSS 3.1 Score 5.6 of 10 (medium)

Details

Published Sep 17, 2024
Updated: Sep 20, 2024
CWE ID 416

Summary

CVE-2024-8947 is a vulnerability identified in MicroPython version 1.22.2. It affects the file py/objarray.c and can lead to a use-after-free condition (CWE-416). The vulnerability can be exploited remotely, though the complexity of executing such an attack is considered high, and it requires no user interaction or authentication. Organizations are advised to remediate this issue by upgrading to MicroPython version 1.23.0, which contains the patch, identified by commit hash 4bed614e707c0644c06e117f848fa12605c711cd. The potential impact includes partial confidentiality and integrity risks, and the CVSS score of 5.6 indicates medium severity. Overall, while difficult to exploit, a successful attack may compromise memory safety within affected applications that use MicroPython.
