CVE-2017-11916: ChakraCore RCE Vulnerability

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.95257%
Published: 5/17/2022
Updated: 7/27/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.7.5
First Patched Version: 1.7.5

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The commit 69e03c3 in PR#4411 explicitly addresses CVE-2017-11916 by adding bailout checks to helper call instructions in these functions. The vulnerability stemmed from missing safeguards for implicit calls during JIT optimization of RegExp/string operations, allowing memory corruption via crafted objects. The code changes directly modify these functions to insert AddBailoutToHelperCallInstr, confirming their role in the vulnerability.

WAF Protection Rules

WAF Rule

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-…
