The commit diff shows critical changes to the ProcessSymUse and ProcessStackSymUse functions in BackwardPass.cpp. The vulnerability (CWE-787) was caused by improper memory handling during stack variable tracking. The original code in ProcessSymUse conditionally invoked tempNumberTracker->ProcessUse without proper synchronization with ProcessStackSymUse, leading to a use-after-free (UAF). The patch consolidates this logic into ProcessStackSymUse with additional safeguards (a DoMarkTempNumbers check), confirming that the vulnerability's root cause lies in the pre-patch functions.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.4 | 1.8.4 |