CVE-2018-8381: ChakraCore RCE Vulnerability

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.89418%
Published: 5/13/2022
Updated: 8/28/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.10.2
First Patched Version: 1.10.2

Vulnerability Intelligence
Root Cause Analysis

The commit 1b77d55 specifically addresses CVE-2018-8381 by modifying MarshalDynamicObject in CrossSite.cpp. The added proxy check prevents prototype chain traversal re-entrancy, which the vulnerability description links to type confusion and memory corruption. The CWE-787 (OOB write) aligns with memory corruption scenarios arising from this flaw.
