The vulnerability stems from improper stack cleanup during exception handling in ChakraCore's JIT engine. The fix commits add tryHandlerAddrOfReturnAddr checks and WalkStackForCleaningUpInlineeInfo calls to the affected functions. Before the fix, the absence of these checks allowed invalid memory access when resolving exception contexts, creating opportunities for out-of-bounds writes. Because these functions directly manipulate exception propagation and stack frames, they are the logical attack surface for CWE-787 (out-of-bounds write) exploitation.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.11.3 | 1.11.3 |
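The practical question for a defender is whether any project still references the affected NuGet package inside the range the table gives. The following checker is an added example, not part of the advisory and not ChakraCore project code: it reads a packages.config or an SDK-style .csproj, finds Microsoft.ChakraCore references, and flags any version below the first patched release 1.11.3 (the only fact it takes from the table). The two manifests at the bottom are constructed sample inputs; the version comparison is a simplified one sufficient for a single boundary, not a full implementation of NuGet's ordering rules.

```python
"""Flag Microsoft.ChakraCore NuGet references in the vulnerable range (< 1.11.3)."""
import xml.etree.ElementTree as ET

AFFECTED_PACKAGE = "Microsoft.ChakraCore"
FIRST_PATCHED = "1.11.3"  # first patched version from the advisory table


def parse_nuget_version(version):
    """Split a NuGet/SemVer version into (numeric tuple, prerelease tag).

    Build metadata after '+' is ignored; missing numeric parts are padded
    with zeros so that "1.11" compares equal to "1.11.0.0".
    """
    core, _, prerelease = version.partition("-")
    core = core.split("+", 1)[0]
    numbers = [int(part) for part in core.split(".")]
    numbers += [0] * (4 - len(numbers))
    return tuple(numbers[:4]), prerelease


def is_vulnerable(version):
    """True if version < 1.11.3; a prerelease of 1.11.3 sorts below 1.11.3."""
    numbers, prerelease = parse_nuget_version(version)
    patched, _ = parse_nuget_version(FIRST_PATCHED)
    if numbers < patched:
        return True
    return numbers == patched and bool(prerelease)


def package_references(xml_text):
    """Yield (package id, version) pairs from packages.config or a .csproj."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        tag = elem.tag.split("}")[-1]  # drop any XML namespace prefix
        if tag == "package":  # packages.config: <package id=".." version=".."/>
            yield elem.get("id"), elem.get("version")
        elif tag == "PackageReference":  # .csproj: Version attribute or child
            version = elem.get("Version")
            if version is None:
                child = elem.find("Version")
                if child is not None and child.text:
                    version = child.text.strip()
            yield elem.get("Include"), version


def find_vulnerable_references(xml_text):
    """Return [(id, version)] for affected-package references in the range."""
    hits = []
    for pkg_id, version in package_references(xml_text):
        if not pkg_id or not version:
            continue
        if pkg_id.lower() == AFFECTED_PACKAGE.lower() and is_vulnerable(version):
            hits.append((pkg_id, version))
    return hits


# Constructed sample manifests (hypothetical, not from any real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.ChakraCore" Version="1.11.2" />
    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
  </ItemGroup>
</Project>"""

SAMPLE_PACKAGES_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<packages>
  <package id="Microsoft.ChakraCore" version="1.11.3" targetFramework="net461" />
</packages>"""

if __name__ == "__main__":
    for name, text in (("csproj", SAMPLE_CSPROJ),
                       ("packages.config", SAMPLE_PACKAGES_CONFIG)):
        print(name, find_vulnerable_references(text) or "no vulnerable reference")
```

Run it against the constructed manifests and the .csproj is flagged for 1.11.2 while packages.config, already on 1.11.3, is clean. Note that it treats a prerelease of 1.11.3 as still vulnerable, since NuGet orders prereleases below the corresponding release; whether such a build carries the fix is something only the package contents can confirm.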