Remote Code Execution (RCE)

chakracore is vulnerable to remote code execution. The vulnerability exists due to a memory error when StackScriptFunction::BoxState::Box, in lib/Runtime/Library/StackScriptFunction.cpp, is called...

Microsoft Edge Chakra - 'StackScriptFunction::BoxState::Box' Accesses to Uninitialized Pointers (Denial of Service)

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1338 Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone...