How severe is CVE-2023-7152?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-7152?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2023-7152

CRITICAL Year: 2023

CVSS v3 Score

9.8

Critical

CVSS v2 Score

5.2

Medium

Weakness Type

CWE-416

View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability.

CVE-2008-5038

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the NetWare Core Protocol (NCP) feature in Novell eDirectory 8.7.3 SP10 before 8.7.3 SP10 FTF1 and 8.8 SP2 for Windows allows remote attackers to cause a denial of serv...

CWE-4162008

CVE-2010-2941

CRITICAL

CVSS:9.8(Critical)

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-fr...

CWE-4162010

CVE-2010-4197

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have un...

CWE-4162010

CVE-2010-4201

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control select...

CWE-4162010

CVE-2013-5613

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows r...

CWE-4162013

CVE-2013-5616

CRITICAL

CVSS:9.8(Critical)

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23...

CWE-4162013

CVE-2023-7152

Vulnerability Description

Related Vulnerabilities

CVE-2008-5038

CVE-2010-2941

CVE-2010-4197

CVE-2010-4201

CVE-2013-5613

CVE-2013-5616