CVE-2017-8658: ChakraCore RCE Vulnerability
CVSS Score: 9.8 (CVSS 3.0)
Basic Information
CVE ID:
GHSA ID:
EPSS Score: 0.96909%
CWE:
Published: 5/17/2022
Updated: 10/24/2023
KEV Status: No
Technology: C#
Technical Details
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Microsoft.ChakraCore | nuget | < 1.6.1 | 1.6.1 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The analysis focused on:
1) The commit message specifically calls out improper handling of deferred function stubs in formal arguments (CVE-2017-8658), fixed in Parse.cpp.
2) Security.cpp changes show critical fixes to constant blinding mentioned in the vulnerability description.
3) ObjTypeSpecFldInfo.cpp modifications add bounds checks to prevent memory corruption vectors.
These functions directly match the vulnerability patterns described in the CVE and commit details.