Nixpkgs security tracker
Untriaged
Permalink
CVE-2026-1998
3.3 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Activity log
- Created suggestion
micropython runtime.c mp_import_all memory corruption
A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.
References
-
-
-
Submit #743396 | micropython 0fd0843 Memory Corruption third-party-advisory
-
https://github.com/micropython/micropython/issues/18639 issue-tracking
-
https://github.com/micropython/micropython/pull/18671 issue-tracking
-
Affected products
micropython
- ==1.9
- ==1.23
- ==1.3
- ==1.16
- ==1.18
- ==1.2
- ==1.27.0
- ==1.8
- ==1.0
- ==1.25
- ==1.14
- ==1.7
- ==1.20
- ==1.6
- ==1.19
- ==1.22
- ==1.11
- ==1.21
- ==1.24
- ==1.26
- ==1.12
- ==1.10
- ==1.1
- ==1.5
- ==1.13
- ==1.17
- ==1.4
- ==1.15
Package maintainers
-
@prusnak Pavol Rusnak <pavol@rusnak.io>
-
@stigtsp Stig Palmquist <stig@stig.io>