CVE-2019-1366 — Out-of-bounds Write in Microsoft Chakracore

CWE-787 — Out-of-bounds Write8 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

21

Microsoft Chakracore Microsoft Edge ON Windows 10 FOR 32-bit Systems Microsoft Edge ON Windows 10 FOR X64-based Systems +18 more

Timeline

PublishedOct 10

Latest updateMar 29

Description

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages21 packages

▶CVEListV5microsoft/microsoft_edge_on_windows_server_2019unspecified

▶CVEListV5microsoft/chakracoreunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_server_2016unspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_for_x64-based_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

6

GHSA

Out-of-bounds write↗2021-03-29

▶

OSV

Out-of-bounds write↗2021-03-29

▶

GHSA

Out-of-bounds write↗2021-03-29

▶

GHSA

Out-of-bounds write↗2021-03-29

▶

GHSA

Out-of-bounds write↗2021-03-29

▶

📋Vendor Advisories

1

Microsoft

Chakra Scripting Engine Memory Corruption Vulnerability↗2019-10-08

▶

CVE-2019-1366 — Out-of-bounds Write in Microsoft | cvebase