
CVE-2018-8294: ChakraCore RCE Vulnerability

CVSS Score (v3.0)
7.5

Basic Information

EPSS Score
0.9373%
Published
5/13/2022
Updated
10/6/2023
KEV Status
No
Technology
C#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name
Microsoft.ChakraCore
Ecosystem
nuget
Vulnerable Versions
< 1.10.1
First Patched Version
1.10.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from improper handling of 'new.target' and frame display parameters during cross-context marshalling. The commit fixes two key issues: 1) In CrossSite.cpp, the original code checked for 'HasExtraArg()' before 'HasNewTarget()', leading to incorrect marshalling of the last parameter as a frame display instead of 'new.target'. This could result in an out-of-bounds write. 2) In Arguments.h, the assertion in GetFrameDisplay() did not validate the absence of 'new.target', allowing invalid memory access. Both functions directly contributed to the memory corruption vulnerability by enabling improper parameter handling.


WAF Protection Rules

WAF Rule

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID
