CVE-2017-0252

CRITICAL9.8EPSS 24.3%

ChakraCore RCE Vulnerability

發布日:2022/5/17修改日:2024/2/16

描述

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.

受影響套件(1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.4.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-0252
PATCHhttps://github.com/chakra-core/ChakraCore
WEBhttps://github.com/chakra-core/ChakraCore/commit/f95aa762f89adb4c5ae187e2ee11c37add784ee9
WEBhttps://github.com/Microsoft/ChakraCore/pull/2959