CVE-2023-7158
NixOS vulnerability analysis and mitigation

Overview

A critical heap-based buffer overflow vulnerability (CVE-2023-7158) affects MicroPython versions up to and including 1.21.0. The flaw is in the slice_indices function in py/objslice.c: when a float is passed where an integer is expected, the float object is treated as an integer object, which leads to an out-of-bounds access on the heap. The issue was reported by Junwha Hong and Wonil Jang of S2-Lab, UNIST (GitHub Issue).

Technical details

The vulnerability is a type confusion in slice_indices. When a float is passed as the argument to the indices() method, the function passes it on to mp_obj_int_get_checked without first verifying that it is an integer object. mp_obj_int_get_checked assumes it is looking at an mp_obj_int_t and reads the mpz fields, including the dig digit pointer, from memory that actually holds a float object with a different, smaller layout, so the access lands at an offset outside the object's heap allocation and is reported as a heap-buffer-overflow. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

Impact

Successful exploitation could allow an attacker to execute arbitrary code through the heap buffer overflow; the severity rating reflects high impact on confidentiality, integrity, and availability of the affected system (NVD). In practice the bug is reached by running Python code that calls slice.indices() with a float argument, so the exposure of a given deployment depends on whether untrusted or attacker-influenced scripts can be executed on the MicroPython interpreter.

Mitigation and workarounds

The vulnerability is fixed in MicroPython 1.22.0, which adds a check that the argument passed to indices() is an integer and rejects anything else before the value is used (GitHub PR, Release Notes). Users are strongly advised to upgrade to version 1.22.0 or later. Until an affected interpreter is upgraded, it should not be used to run untrusted code, since that is the path by which the bug is triggered.
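The type-confusion pattern behind this bug, with the unchecked cast that the Technical details section describes beside the type-checked version that the 1.22.0 fix amounts to, as an added C example. This is not MicroPython's code: the object structs (obj_int_t, obj_float_t), the digit encoding, the sentinel fixture and the slice helpers are simplifying assumptions for illustration, and the size arithmetic assumes a 64-bit build.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of MicroPython's tagged heap objects. Field names mirror
 * mp_obj_int_t/mpz_t and mp_obj_float_t, but these layouts are assumptions. */
typedef struct { const char *name; } type_t;
static const type_t int_type   = { "int" };
static const type_t float_type = { "float" };
typedef struct { const type_t *type; } obj_base_t;

typedef struct {            /* like mp_obj_int_t: base + arbitrary-precision mpz */
    obj_base_t base;
    size_t alloc;           /* mpz.alloc: digits allocated */
    size_t len;             /* mpz.len: digits in use */
    uint32_t *dig;          /* mpz.dig: pointer to the digit array */
} obj_int_t;

typedef struct {            /* like mp_obj_float_t: base + value; smaller than obj_int_t */
    obj_base_t base;
    double value;
} obj_float_t;

/* Constructed fixture: a float object followed by sentinel bytes, so the
 * out-of-bounds read below lands in memory we control instead of crashing. */
#define SENTINEL 0xAB
typedef struct { obj_float_t f; unsigned char spill[sizeof(obj_int_t)]; } float_with_spill_t;

static void make_float(float_with_spill_t *a, double v) {
    memset(a, SENTINEL, sizeof *a);
    a->f.base.type = &float_type;
    a->f.value = v;
}

/* VULNERABLE pattern (the pre-1.22.0 behaviour the advisory describes): the
 * object is cast to obj_int_t without checking its type tag, so for a float
 * object the mpz fields are read from a different, smaller object. */
static uintptr_t vulnerable_int_dig(obj_base_t *o) {
    obj_int_t *i = (obj_int_t *)o;      /* no type check */
    return (uintptr_t)i->dig;           /* on a float this reads past the allocation */
}

/* Bytes of the len/dig read that lie beyond the end of a float object (16 on 64-bit). */
static size_t dig_bytes_past_float(void) {
    size_t end_of_dig = offsetof(obj_int_t, dig) + sizeof(uint32_t *);
    return end_of_dig > sizeof(obj_float_t) ? end_of_dig - sizeof(obj_float_t) : 0;
}

/* 1 when the unchecked cast on a float yields a "digit pointer" made entirely of
 * sentinel bytes, i.e. memory the float object never owned. */
static int vulnerable_reads_past_float(void) {
    float_with_spill_t fl;
    uintptr_t sentinel_bits;
    make_float(&fl, 2.5);
    memset(&sentinel_bits, SENTINEL, sizeof sentinel_bits);
    return vulnerable_int_dig(&fl.f.base) == sentinel_bits;
}

/* HARDENED pattern: check the type tag and refuse anything that is not an int
 * before touching int-only fields (MicroPython raises TypeError here). */
typedef enum { GET_OK = 0, GET_TYPE_ERROR = 1 } get_status_t;

static get_status_t checked_int_value(obj_base_t *o, uint64_t *out) {
    if (o->type != &int_type) return GET_TYPE_ERROR;
    obj_int_t *i = (obj_int_t *)o;      /* cast is now safe */
    uint64_t v = 0;
    for (size_t k = i->len; k > 0; k--) /* little-endian 32-bit digits (assumed) */
        v = (v << 32) | i->dig[k - 1];
    *out = v;
    return GET_OK;
}

/* slice.indices(length) for a positive step: clamp start/stop into [0, length]
 * only after the length argument has been validated as an int. */
typedef struct { int64_t start, stop; } slice_t;

static get_status_t slice_indices_checked(slice_t s, obj_base_t *length_obj, slice_t *out) {
    uint64_t len;
    get_status_t st = checked_int_value(length_obj, &len);
    if (st != GET_OK) return st;
    int64_t n = (int64_t)len;
    int64_t a = s.start < 0 ? s.start + n : s.start;
    int64_t b = s.stop  < 0 ? s.stop  + n : s.stop;
    out->start = a < 0 ? 0 : (a > n ? n : a);
    out->stop  = b < 0 ? 0 : (b > n ? n : b);
    return GET_OK;
}

/* Demo inputs: length 10 as an int object, and 2.5 as a float object. */
static slice_t indices_for_int10(int64_t start, int64_t stop) {
    uint32_t digits[1] = { 10 };
    obj_int_t ten = { { &int_type }, 1, 1, digits };
    slice_t r = { -1, -1 };
    slice_indices_checked((slice_t){ start, stop }, &ten.base, &r);
    return r;
}

static get_status_t indices_for_float(void) {
    float_with_spill_t fl;
    slice_t r = { 0, 0 };
    make_float(&fl, 2.5);
    return slice_indices_checked((slice_t){ 0, 10 }, &fl.f.base, &r);
}

int main(void) {
    slice_t r = indices_for_int10(-3, 100);
    printf("len/dig read spills %zu bytes past a float object\n", dig_bytes_past_float());
    printf("unchecked cast on float read sentinel memory: %d\n", vulnerable_reads_past_float());
    printf("slice(-3, 100).indices(10) -> (%lld, %lld)\n", (long long)r.start, (long long)r.stop);
    printf("slice(0, 10).indices(2.5) -> %s\n",
           indices_for_float() == GET_TYPE_ERROR ? "TypeError" : "accepted (bug)");
    return 0;
}
```

The sentinel fixture is what makes the vulnerable path safe to run here; in a real heap the same read walks into whatever object follows the float, which is exactly the heap-buffer-overflow the advisory reports. The hardened path costs one comparison on the type tag, and it is that comparison, placed before any int-only field is touched, that the fix adds.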

Community reactions

The vulnerability has also been picked up by Linux distributions; Fedora, for example, released package updates covering both CVE-2023-7158 and CVE-2023-7152 (Fedora Update).


This report was generated using AI.

Related NixOS vulnerabilities:

CVE ID           Severity   Score   Technologies   Component name   CISA KEV exploit   Has fix   Published date
CVE-2026-22783   HIGH       8.1     NixOS          iris             No                 Yes       Jan 12, 2026
CVE-2026-0821    MEDIUM     6.9     NixOS          quickjs          No                 No        Jan 10, 2026
CVE-2025-68949   MEDIUM     5.3     NixOS          n8n              No                 Yes       Jan 13, 2026
CVE-2026-22784   LOW        2.3     NixOS          lychee           No                 Yes       Jan 12, 2026
CVE-2026-23497   LOW        1.3     NixOS          learning         No                 Yes       Jan 14, 2026
