Lucene search

GitHub Advisory DatabaseGHSA-67F9-QMG7-FMCQ

HistoryMay 13, 2022 - 1:18 a.m.

ChakraCore RCE Vulnerability

2022-05-1301:18:35

CWE-787

GitHub Advisory Database

github.com

0.064 Low

EPSS

Percentile

93.6%

JSON

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka “Chakra Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.

CPENameOperatorVersion
microsoft.chakracorelt1.8.2

CPE	Name	Operator	Version
	microsoft.chakracore	lt	1.8.2

References

github.com/advisories/GHSA-67f9-qmg7-fmcq

github.com/chakra-core/ChakraCore/commit/7087c314a67631a0a3094bc2f741991ee10f5b5a

nvd.nist.gov/vuln/detail/CVE-2018-0874

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0874

web.archive.org/web/20201021051922/www.securitytracker.com/id/1040507

web.archive.org/web/20210124144659/www.securityfocus.com/bid/103269

0.064 Low

EPSS

Percentile

93.6%

JSON

Related for GHSA-67F9-QMG7-FMCQ