{"id":"CVE-2024-8948","details":"A vulnerability was found in MicroPython 1.23.0. It has been rated as critical. Affected by this issue is the function mpz_as_bytes of the file py/objint.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 908ab1ceca15ee6fd0ef82ca4cba770a3ec41894. It is recommended to apply a patch to fix this issue. In micropython objint component, converting zero from int to bytes leads to heap buffer-overflow-write at mpz_as_bytes.","aliases":["GHSA-vh3x-525m-jp4r","PYSEC-2024-87","PYSEC-2024-88","PYSEC-2024-89"],"modified":"2026-04-12T16:44:11.080493Z","published":"2024-09-17T19:15:29.747Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.277766"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.409317"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.277766"},{"type":"REPORT","url":"https://github.com/micropython/micropython/issues/13041"},{"type":"FIX","url":"https://github.com/micropython/micropython/commit/908ab1ceca15ee6fd0ef82ca4cba770a3ec41894"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/micropython/micropython","events":[{"introduced":"0"},{"last_affected":"a61c446c0b34e82aeb54b9770250d267656f2b7f"},{"fixed":"908ab1ceca15ee6fd0ef82ca4cba770a3ec41894"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.23.0"}]}}],"versions":["v1.0","v1.0-rc1","v1.0.1","v1.1","v1.1.1","v1.10","v1.11","v1.12","v1.13","v1.14","v1.15","v1.16","v1.17","v1.18","v1.19","v1.19.1","v1.2","v1.20.0","v1.21.0","v1.22.0","v1.22.0-preview","v1.23.0","v1.23.0-preview","v1.24.0-preview","v1.3","v1.3.1","v1.3.10","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.5","v1.5.1","v1.5.2","v1.6","v1.7","v1.8","v1.8.1","v1.8.2","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.9","v1.9.1","v1.9.2","v1.9.3",
"v1.9.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8948.json","vanir_signatures_modified":"2026-04-12T16:44:11Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}