CVE-2019-0860

CWE-787Out-of-bounds Write10 documents5 sources
Severity
7.5HIGH
EPSS
10.5%
top 6.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ChakracoreMicrosoft Microsoft Edge
Timeline
PublishedApr 9
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

NVDmicrosoft/chakracore< 1.11.8
NuGetMicrosoft.ChakraCore< 1.11.8
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/microsoft_edge17 versions+16

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

8
GHSA
ChakraCore Memory Corruption Vulnerability2022-05-13
OSV
ChakraCore Memory Corruption Vulnerability2022-05-13
GHSA
ChakraCore Memory Corruption Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13
GHSA
ChakraCore RCE Vulnerability2022-05-13

📋Vendor Advisories

1
Microsoft
Chakra Scripting Engine Memory Corruption Vulnerability2019-04-09
CVE-2019-0860 (HIGH CVSS 7.5) | A remote code execution vulnerabili | cvebase.io