Miggo Logo
Miggo Vulnerability Database
CVE-2019-0639

CVE-2019-0639:
High severity vulnerability that affects Microsoft.ChakraCore

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2019-0639
GHSA ID
GHSA-6jf5-rmhv-38cw
EPSS Score
0.93039%
CWE
CWE-190
Published
4/9/2019
Updated
1/9/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.71.11.7

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability descriptions reference CWE-190 (Integer Overflow) and memory corruption in ChakraCore's object handling, but no specific code snippets, commit diffs, or technical implementation details are available in the sources. While the CWE suggests an integer overflow in memory operations, Microsoft's security guidance links are non-functional, and the ZDI advisory references a different CVE (CVE-2020-0639). Without concrete evidence of patched functions or code context (e.g., function names, file paths), identifying specific vulnerable functions with high confidence is impossible.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** ***kr**or* s*riptin* *n*in* **n*l*s o*j**ts in m*mory, *k* 'S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-****, *V*-****-****, *V

Reasoning

T** provi*** vuln*r**ility **s*riptions r***r*n** *W*-*** (Int***r Ov*r*low) *n* m*mory *orruption in ***kr**or*'s o*j**t **n*lin*, *ut no sp**i*i* *o** snipp*ts, *ommit *i**s, or t***ni**l impl*m*nt*tion **t*ils *r* *v*il**l* in t** sour**s. W*il* t