CVE-2016-3202: ChakraCore RCE Vulnerability

CVSS Score (v3.0): 7.5

Basic Information

EPSS Score: 0.94648%
Published: 5/14/2022
Updated: 11/2/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.2.0.0
First Patched Version: 1.2.0.0

Vulnerability Intelligence

Root Cause Analysis

The commit diff shows the vulnerability stemmed from unvalidated array indexing in propertyIdsForScopeSlotArray assignments. The original code used sym->GetScopeSlot() directly as an array index without bounds checks. The patch introduced a lambda (setPropertyIdForScopeSlotArray) to add validation. The CWE-119 classification and advisory descriptions confirm this was a memory corruption issue caused by improper bounds restrictions during bytecode emission.
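
The pattern described above, as an added illustration that is not ChakraCore's code: a simplified model in which the Symbol struct, FillScopeSlotArray, the kNoProperty sentinel and the fail-closed, all-or-nothing behaviour are assumptions; only the names propertyIdsForScopeSlotArray, GetScopeSlot and setPropertyIdForScopeSlotArray come from the analysis.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using PropertyId = int32_t;
constexpr PropertyId kNoProperty = -1;  // constructed sentinel for an empty slot

// Hypothetical stand-in for the emitter's symbol type.
struct Symbol {
    PropertyId id;
    int scopeSlot;  // comes from earlier analysis; not guaranteed to be in range
    int GetScopeSlot() const { return scopeSlot; }
};

// Fills the slot array from the symbols. Returns false, leaving the array
// untouched, if any symbol reports a slot outside the array.
bool FillScopeSlotArray(const std::vector<Symbol>& syms,
                        std::vector<PropertyId>& propertyIdsForScopeSlotArray) {
    std::vector<PropertyId> staged = propertyIdsForScopeSlotArray;
    // Checked setter, in the spirit of the patch's lambda (assumed behaviour).
    auto setPropertyIdForScopeSlotArray = [&staged](int slot, PropertyId id) {
        if (slot < 0 || static_cast<std::size_t>(slot) >= staged.size())
            return false;
        staged[static_cast<std::size_t>(slot)] = id;
        return true;
    };
    for (const Symbol& sym : syms) {
        // Pre-patch pattern described above, an unchecked write:
        //   propertyIdsForScopeSlotArray[sym.GetScopeSlot()] = sym.id;
        if (!setPropertyIdForScopeSlotArray(sym.GetScopeSlot(), sym.id))
            return false;
    }
    propertyIdsForScopeSlotArray = staged;  // commit only when every slot was valid
    return true;
}

int main() {
    std::vector<PropertyId> slots(3, kNoProperty);
    std::vector<Symbol> good = {{10, 0}, {30, 2}};  // constructed sample input
    std::vector<Symbol> bad = {{10, 0}, {40, 3}};   // slot 3 is one past the end
    std::printf("good: %d\n", FillScopeSlotArray(good, slots));
    std::printf("bad:  %d\n", FillScopeSlotArray(bad, slots));
    return 0;
}
```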
