CVE-2019-0648Sensitive Information Exposure in Microsoft Chakracore

5 documents5 sources
Severity
4.3MEDIUMNVD
GHSA6.5OSV6.5
EPSS
14.2%
top 5.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Edge
Timeline
PublishedMar 5
Latest updateMay 13

Description

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka Scripting Engine Information Disclosure Vulnerability. This CVE ID is unique from C

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/microsoft_edge12 versions+11

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
OSV
ChakraCore information disclosure vulnerability2022-05-13
GHSA
ChakraCore information disclosure vulnerability2022-05-13
CVEList
CVE-2019-0648: An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with infor2019-03-06

📋Vendor Advisories

1
Microsoft
Scripting Engine Information Disclosure Vulnerability2019-02-12
CVE-2019-0648 — Sensitive Information Exposure | cvebase