Lucene search

K

GitHub Advisory DatabaseGHSA-V9JG-M6G5-H3HH

HistoryMay 14, 2022 - 2:23 a.m.

ChakraCore RCE Vulnerability

2022-05-1402:23:11

CWE-119

GitHub Advisory Database

github.com

10

chakra javascript engine

microsoft edge

remote code execution

memory corruption

web vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.96

Percentile

99.5%

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Scripting Engine Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.

Affected configurations

Vulners

Node

microsoft.chakracoreRange<1.2.1

References

docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-119

github.com/advisories/GHSA-v9jg-m6g5-h3hh

github.com/chakra-core/ChakraCore/commit/f05c42e64c3b2d057ae1a52fe1917af26c9f2737

github.com/chakra-core/ChakraCore/pull/1737

nvd.nist.gov/vuln/detail/CVE-2016-3386

web.archive.org/web/20210623181040/www.securityfocus.com/bid/93426

web.archive.org/web/20211208062350/www.securitytracker.com/id/1036993

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.96

Percentile

99.5%

Related for GHSA-V9JG-M6G5-H3HH

prion4 github3 osv4 cvelist4 nvd4 cve4 symantec4 checkpoint_advisories3 zdi1 mscve2 mskb4 openvas1 nessus1 kaspersky1