CVE-2023-37141

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray...

ChakraCore 缓冲区错误漏洞

ChakraCore is a chakra-core open source JavaScript engine with C API. ChakraCore has a security vulnerability that stems from a stack overflow vulnerability contained in the function Js::ScopeSlots::IsDebuggerScopeSlotArray...

PT-2023-25799 · Microsoft · Chakracore

Name of the Vulnerable Software and Affected Versions: ChakraCore version cbb9b Description: A stack overflow issue was discovered in ChakraCore via the Js::ScopeSlots::IsDebuggerScopeSlotArray function. Recommendations: For ChakraCore version cbb9b, as a temporary workaround, consider disabling...

ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223...

GHSA-GHWQ-7V3R-5433 ChakraCore RCE Vulnerability

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223...

Out-of-Bounds

Overview Microsoft.ChakraCore.vc140 is a core part of the Chakra JavaScript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects ...

Out-of-Bounds

Overview Microsoft.ChakraCore.vc140 is a core part of the Chakra JavaScript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects ...

Information Exposure

Overview Microsoft.ChakraCore.vc140 is a core part of the Chakra JavaScript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Information Exposure when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploite...

Information Exposure

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Information Exposure when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the...

Information Exposure

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Information Exposure. Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's...

GHSA-PCR8-75V3-W9PF Chakra Core vulnerable to privilege escalation due to type confusion

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Individual Export in module...

GHSA-9F2P-WM46-6M5F Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript nu...

Chakra Core vulnerable to privilege escalation due to type confusion

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Individual Export in module...

Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory. This could be exploited using write-AV when writing to a slot of a JavaScript nu...

GHSA-43QP-HPHF-5RJW Chakra Core vulnerable to privilege escalation due to reading an invalid pointer

ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". When trying to get...

Out-of-Bounds

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds when visiting a crafted website. An attacker can execute arbitrary code via the Chakra JavaScript engine in Microsoft Edge...

Out-of-Bounds

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds via the Chakra JavaScript engine in Microsoft Edge. An attacker can execute arbitrary code or cause a denial of service memory...

Out-of-Bounds

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds via the Chakra JavaScript engine. An attacker can execute arbitrary code or cause a denial of service memory corruption by...

Denial of Service (DoS)

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Denial of Service DoS via the Chakra JavaScript engine. An attacker can execute arbitrary code or cause a denial of service memory corruption...

Out-of-Bounds

Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds via the Chakra JavaScript engine in Microsoft Edge. An attacker can execute arbitrary code or cause a denial of service memory...