CVE-2018-0925

HIGH7.5EPSS 23.1%

ChakraCore RCE Vulnerability

Published: 5/13/2022Modified: 2/16/2024

Description

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.

Affected packages (1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.8.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0925
PATCHhttps://github.com/chakra-core/ChakraCore
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0925
WEBhttps://web.archive.org/web/20210124144841/http://www.securityfocus.com/bid/103287