| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.2 | 1.8.2 |
The GitHub patch modifies Parser::ConstructFinalHintNode in Parse.cpp, specifically addressing the miscalculation of 'fullNameHintLength'. The original code set this value to 0 and used conditional checks to update *nameLength, while the patched version directly calculates it via wcslen(pFinalName). This indicates the vulnerability stemmed from improper length handling during string operations, consistent with CWE-787 (Out-of-bounds Write). The commit message explicitly ties this fix to CVE-2018-0873, confirming the function's role in the vulnerability.