CVE-2016-7189: ChakraCore RCE Vulnerability

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.9904%
Published: 5/14/2022
Updated: 11/1/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.2.1
First Patched Version: 1.2.1

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from: 1) Type confusion in array operations (TemplatedGetItem/MapHelper) due to prototype chain side-effects, 2) Missing integrity checks in JIT compilation (Encoder::Encode), and 3) Unsafe spread optimizations. The commit adds CRC validation, prototype gap checks, and replaces unsafe TemplatedGetItem with TryTemplatedGetItem, directly addressing these vulnerable patterns.

WAF Protection Rules

WAF Rule

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
