
CVE-2018-8227: ChakraCore RCE Vulnerability

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.96348%
Published: 5/13/2022
Updated: 10/6/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| Microsoft.ChakraCore | nuget | < 1.8.5 | 1.8.5 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper bounds checking in the JIT compiler's object type handling. The commit diff shows a critical modification in Func.cpp, where a weak Assert() was replaced with AssertOrFailFast() to validate array indices. This indicates that the original Func constructor lacked release-build validation for ObjTypeSpecFldId values, enabling out-of-bounds (OOB) writes to m_globalObjTypeSpecFldInfoArray when fed malicious input. The CWE-787 classification and the commit message explicitly reference this JIT processing flaw as the root cause.
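The difference between a debug-only assertion and an always-on fail-fast check, as an added example that is not ChakraCore code. DEBUG_ASSERT, field_table and the store_* functions are hypothetical names, and the guard slots are a constructed stand-in for the memory that follows the real array.

```c
/* Added illustration, not ChakraCore source; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define RELEASE_BUILD 1                 /* constructed: model a release build */
#if RELEASE_BUILD
#define DEBUG_ASSERT(c) ((void)0)       /* debug-only check is compiled out */
#else
#define DEBUG_ASSERT(c) do { if (!(c)) abort(); } while (0)
#endif
#define FIELD_COUNT 4                   /* logical size of the table */
#define GUARD_SLOTS 4                   /* stands in for adjacent memory */
struct field_table { int slots[FIELD_COUNT + GUARD_SLOTS]; };
static void table_init(struct field_table *t) { memset(t, 0, sizeof *t); }
/* True if any slot past the logical end of the table was modified. */
static bool guard_corrupted(const struct field_table *t) {
    for (size_t i = FIELD_COUNT; i < FIELD_COUNT + GUARD_SLOTS; i++)
        if (t->slots[i] != 0) return true;
    return false;
}

/* "Before": the index is validated only when DEBUG_ASSERT is active. */
static void store_debug_assert(struct field_table *t, size_t id, int v) {
    DEBUG_ASSERT(id < FIELD_COUNT);
    t->slots[id] = v;
}

/* Always-on bounds check: refuses the write and reports failure. */
static bool store_checked(struct field_table *t, size_t id, int v) {
    if (id >= FIELD_COUNT) return false;
    t->slots[id] = v;
    return true;
}

/* "After": fail fast in every build configuration instead of writing. */
static void store_or_fail_fast(struct field_table *t, size_t id, int v) {
    if (!store_checked(t, id, v)) abort();
}

int main(void) {
    struct field_table t;
    table_init(&t);
    store_debug_assert(&t, 5, 0x41);    /* constructed bad id, no check ran */
    printf("debug-only check, guard corrupted: %d\n", guard_corrupted(&t));
    store_or_fail_fast(&t, 3, 7);       /* valid id passes; id 5 would abort */
    printf("always-on check rejects id 5: %d\n", !store_checked(&t, 5, 0x41));
    return 0;
}
```

Setting RELEASE_BUILD to 0 makes the first call abort, which is why a flaw of this kind can stay hidden in debug testing and only be reachable in shipped builds.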


WAF Protection Rules

WAF Rule

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
