Miggo Logo
Miggo Vulnerability Database
CVE-2018-8543

CVE-2018-8543: ChakraCore RCE Vulnerability

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2018-8543
GHSA ID
GHSA-h9cr-2hcf-cg8p
EPSS Score
0.89812%
CWE
CWE-787
Published
5/13/2022
Updated
10/6/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.31.11.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The commit diffs directly modify these functions to address memory safety issues. For IRBuilder::GetEnvironmentOperand, the patch introduces environment reload logic to prevent stale pointer usage (critical for preventing OOB writes). For Inline::MapFormals, the added JIT optimization flag ensures proper register tracking, mitigating corruption risks. Both changes align with the CWE-787 (out-of-bounds write) description and the RCE vulnerability pattern in JIT engine memory handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** ***kr* s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Mi*roso*t ****, *k* "***kr* S*riptin* *n*in* M*mory *orruption Vuln*r**ility." T*is *****ts Mi*roso*t ****, ***kr**or*. T*is *V* I*

Reasoning

T** *ommit *i**s *ir**tly mo*i*y t**s* *un*tions to ***r*ss m*mory s***ty issu*s. *or `IR*uil**r::**t*nvironm*ntOp*r*n*`, t** p*t** intro*u**s *nvironm*nt r*lo** lo*i* to pr*v*nt st*l* point*r us*** (*riti**l *or pr*v*ntin* OO* writ*s). *or `Inlin*::