-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.8.3 | 1.8.3 |
Miggo AIRoot Cause AnalysisThe patch introduces RAII guards (PendingFinallyExceptionStack) to manage 'pendingFinallyException', indicating the original code lacked proper cleanup. The vulnerability stemmed from setting 'pendingFinallyException' in exception-handling paths (e.g., finally blocks) without guaranteeing its reset, leading to use-after-free when the object was recycled but the pointer remained. The affected functions are those directly interacting with this pointer without RAII, as seen in the diff modifications.