
CVE-2017-11797: ChakraCore RCE Vulnerability

CVSS Score: 7.5
CVSS Version: 3.0

Basic Information

EPSS Score: 0.9603%
Published: 5/17/2022
Updated: 10/24/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.7.3
First Patched Version: 1.7.3

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stemmed from improper handling of argument emission sequences when array destructuring introduced try/catch/finally blocks. The patch replaced direct ArgOut emission with temporary storage (via EmitArgsWithArgOutsAtEnd) and modified EmitArgs/EmitSpreadArgToListBytecodeInstr. The original functions lacked safeguards for intermediate exception handling, making them susceptible to memory corruption during bailout scenarios.

WAF Protection Rules

WAF Rule

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from
