-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.10.2 | 1.10.2 |
Miggo AIRoot Cause AnalysisThe commit 63ae30a in the ChakraCore repository explicitly addresses CVE-2018-8390 by modifying a critical condition in NativeCodeGenerator::GatherCodeGenData. The vulnerability stemmed from improper handling of deferred function inlining in the JIT compiler, where a mismatch between fixed function objects and their execution context could lead to memory corruption. The code change directly correlates with the CWE-787 (Out-of-bounds Write) description and the advisory's focus on object memory handling flaws in the scripting engine.