CVE-2017-8659

MEDIUM4.3EPSS 14.6%

ChakraCore information disclosure vulnerability

發布日:2022/5/17修改日:2024/2/16

描述

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".

受影響套件(1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.6.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

參考連結(7)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-8659
PATCHhttps://github.com/chakra-core/ChakraCore
WEBhttps://github.com/chakra-core/ChakraCore/commit/2500e1cdc12cb35af73d5c8c9b85656aba6bab4d
WEBhttps://github.com/chakra-core/ChakraCore/pull/3509
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8659
WEBhttps://web.archive.org/web/20210612224703/http://www.securityfocus.com/bid/100029
WEBhttps://web.archive.org/web/20211127144809/http://www.securitytracker.com/id/1039095