CVE-2018-8624

HIGH7.5EPSS 19.2%

ChakraCore Remote code execution Vulnerability

Published: 5/13/2022Modified: 2/16/2024

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629.

Affected packages (1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.11.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-8624
WEBhttps://github.com/chakra-core/ChakraCore/commit/8264b9bcdb08daf4309415319c7a8e03d1736dce
WEBhttps://github.com/chakra-core/ChakraCore/pull/5869
WEBhttps://github.com/Microsoft/ChakraCore/wiki/Roadmap#v1114
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624
WEBhttps://web.archive.org/web/20210124222846/http://www.securityfocus.com/bid/106114