The vulnerability stems from improper slot allocation checks in ChakraCore's bytecode emitter. The patch adds `ByteCodeGenerator*` parameters to `IsInSlot` and `NeedsSlotAlloc`, and modifies `NeedScopeObjectForArguments` to include eval flag checks. Without these fixes, symbols might not be assigned proper slots, causing a dereference of uninitialized stack locations. The root cause lies in the functions that directly handle slot allocation logic (`IsInSlot`, `NeedsSlotAlloc`) and scope object validation (`NeedScopeObjectForArguments`).

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.3 | 1.8.3 |
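
To check a project against the version range in the table above, the following added example (not part of the advisory or of ChakraCore) scans a `packages.config` or MSBuild project file for `Microsoft.ChakraCore` references older than 1.8.3. The function names and the two sample files are constructed for illustration; version ranges, floating versions and references without a version are reported for manual review rather than guessed at.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "microsoft.chakracore"   # NuGet package IDs compare case-insensitively
FIRST_PATCHED = (1, 8, 3, 0)       # "First Patched Version" from the advisory table

# Constructed sample inputs, not taken from any real project.
PACKAGES_CONFIG = """<packages>
  <package id="Microsoft.ChakraCore" version="1.8.2" targetFramework="net461" />
</packages>"""
CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PackageReference Include="microsoft.chakracore" Version="1.8.3" />
  <PackageReference Include="Microsoft.ChakraCore"><Version>[1.7.0,)</Version></PackageReference>
</Project>"""

def parse_version(text):
    """Return (release_tuple, is_prerelease), or None for ranges and floating versions."""
    m = re.fullmatch(r"(\d+(?:\.\d+){0,3})(-[0-9A-Za-z.-]+)?(\+.*)?", text.strip())
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts))), m.group(2) is not None

def find_refs(xml_text):
    """Yield the version string of every Microsoft.ChakraCore reference in the file."""
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]            # drop the MSBuild XML namespace
        if tag == "package":                        # packages.config entry
            name, ver = el.get("id"), el.get("version")
        elif tag == "PackageReference":             # project file entry
            name, ver = el.get("Include"), el.get("Version")
            if ver is None:                         # version given as a child element
                ver = next((c.text for c in el if c.tag.rsplit("}", 1)[-1] == "Version"), None)
        else:
            continue
        if name and name.lower() == PACKAGE:
            yield ver

def classify(ver):
    """Map a version string to 'vulnerable', 'patched' or 'review'."""
    parsed = parse_version(ver) if ver else None
    if parsed is None:
        return "review"                             # range, floating or unpinned version
    release, prerelease = parsed
    # A 1.8.3 pre-release sorts before 1.8.3, so it falls inside "< 1.8.3".
    vulnerable = release < FIRST_PATCHED or (release == FIRST_PATCHED and prerelease)
    return "vulnerable" if vulnerable else "patched"

def audit(xml_text):
    """Return [(version, status)] for each Microsoft.ChakraCore reference found."""
    return [(ver, classify(ver)) for ver in find_refs(xml_text)]
```

A lock file or the restored package folder gives the resolved version for any entry reported as `review`.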