Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: micropython

Found 1 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-1998
3.3 LOW
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 2 months, 1 week ago Activity log
  • Created suggestion 2 months, 1 week ago
micropython runtime.c mp_import_all memory corruption

A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be launched locally. The exploit has been published and may be used. Patch name: 570744d06c5ba9dba59b4c3f432ca4f0abd396b6. It is suggested to install a patch to address this issue.

Affected products

micropython
  • ==1.9
  • ==1.23
  • ==1.3
  • ==1.16
  • ==1.18
  • ==1.2
  • ==1.27.0
  • ==1.8
  • ==1.0
  • ==1.25
  • ==1.14
  • ==1.7
  • ==1.20
  • ==1.6
  • ==1.19
  • ==1.22
  • ==1.11
  • ==1.21
  • ==1.24
  • ==1.26
  • ==1.12
  • ==1.10
  • ==1.1
  • ==1.5
  • ==1.13
  • ==1.17
  • ==1.4
  • ==1.15

Matching in nixpkgs

pkgs.micropython

Lean and efficient Python implementation for microcontrollers and constrained systems

Package maintainers