CVE-2024-8947: 
Python vulnerability analysis and mitigation

A critical use-after-free vulnerability was discovered in MicroPython version 1.22.2, identified as CVE-2024-8947. The vulnerability affects the objarray component in the file py/objarray.c, where when a bytes object is resized and copied into itself, it may reference memory that has already been freed. The issue was discovered by researchers Junwha Hong and Wonil Jang from S2Lab in UNIST and was disclosed in December 2023 (GitHub Issue).

The vulnerability occurs in the array_subscr function within py/objarray.c when a bytearray object is manipulated to extend from itself. When m_renew causes realloc to move the buffer, it leaves a dangling pointer behind. The issue manifests when the source and destination buffers are the same, and memory reallocation occurs during the operation. The vulnerability has been assigned a CVSS v3.1 base score of 8.1 HIGH (Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

While the vulnerability is classified as critical, its actual impact in default configurations with GIL (Global Interpreter Lock) is limited. The freed buffer won't be reused while the function is still executing and is no longer referenced after it returns. However, in configurations without GIL protection, this could lead to memory corruption and potential code execution (GitHub Issue).

The vulnerability has been fixed in MicroPython version 1.23.0. The fix involves properly handling the source buffer when m_renew causes memory reallocation, ensuring that the source pointer is updated when the destination buffer moves. Users are recommended to upgrade to version 1.23.0 or later to address this issue (GitHub Release).