Microsoft ChakraCore is vulnerable to information disclosure. A lack of validation of the length in IsMissingItem
function can result in heap over-read during slice()
which reads into unauthorized memory space and allows a remote attacker to retrieve confidential information which would aids in further attacks against the system.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft.chakracore | le | 1.4.1 | |
microsoft.chakracore.vc140 | eq | 1.4.1 |