Lucene search

K

GoogleOSV:GHSA-7GJV-9M33-CHG8

HistoryMay 13, 2022 - 1:18 a.m.

ChakraCore RCE Vulnerability

2022-05-1301:18:34

Google

osv.dev

15

chakracore

remote code execution

memory corruption

EPSS

0.951

Percentile

99.4%

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.

References

github.com/chakra-core/ChakraCore

github.com/chakra-core/ChakraCore/commit/972009a89e51c69971b80b1f5394886b304f880a

nvd.nist.gov/vuln/detail/CVE-2018-0858

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0858

web.archive.org/web/20210124135655/www.securityfocus.com/bid/102865

web.archive.org/web/20211208072939/www.securitytracker.com/id/1040372

EPSS

0.951

Percentile

99.4%

Related for OSV:GHSA-7GJV-9M33-CHG8

cve13 nvd13 veracode12 cvelist13 github10 osv9 prion13 kaspersky2 mskb10 openvas9 nessus9 trendmicroblog1 symantec13 mscve13 checkpoint_advisories8 exploitdb7 zdt7 talosblog1 packetstorm5 seebug2 ics1