CVE-2017-8659
MEDIUM4.3EPSS 14.6%ChakraCore information disclosure vulnerability
Published: 5/17/2022Modified: 2/16/2024
Description
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
Affected packages (1)
- NuGet/Microsoft.ChakraCorefrom 0, < 1.6.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-8659
- PATCHhttps://github.com/chakra-core/ChakraCore
- WEBhttps://github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d
- WEBhttps://github.com/chakra-core/ChakraCore/pull/3509
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
- WEBhttps://web.archive.org/web/20210612224703/http://www.securityfocus.com/bid/100029
- WEBhttps://web.archive.org/web/20211127144809/http://www.securitytracker.com/id/1039095