CVE-2018-8459Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write8 documents5 sources
Severity
7.5HIGHNVD
EPSS
27.3%
top 3.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedSep 13
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages3 packages

CVEListV5microsoft/chakracoreChakraCore
CVEListV5microsoft/microsoft_edgeWindows 10 Version 1803 for 32-bit Systems, Windows 10 Version 1803 for x64-based Systems+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

6
OSV
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2018-09-11
CVE-2018-8459 — Out-of-bounds Write in Microsoft | cvebase