
CVE-2016-3350: ChakraCore RCE Vulnerability

CVSS Score: 7.5

Basic Information

EPSS Score: -
Published: 5/14/2022
Updated: 11/2/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.2.1
First Patched Version: 1.2.1

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The commit patches two distinct vulnerabilities. For CVE-2016-3350 (CustomHeap), the FreeAllocation function lacked checks for invalid indices and page states, enabling memory corruption via malformed bit vector operations. For CVE-2016-3377 (Array.map), DirectSetItemAt bypassed type safety, allowing type confusion when user-controlled @@species constructors returned incompatible array types. Both functions are directly modified in the patch, and both vulnerabilities align with the CWE-119 memory corruption description.
