CVE-2019-0806

HIGH7.5EPSS 8.0%

ChakraCore RCE Vulnerability

Published: 5/13/2022Modified: 2/16/2024

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.

Affected packages (1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.11.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0806
PATCHhttps://github.com/chakra-core/ChakraCore
WEBhttps://github.com/chakra-core/ChakraCore/commit/50d1e46aac450f236927b309854e77fce4acd49f
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0806