Miggo Logo
Miggo Vulnerability Database
CVE-2019-0806

CVE-2019-0806:
ChakraCore RCE Vulnerability

7.5

CVSS Score
3.0

Basic Information

CVE ID
CVE-2019-0806
GHSA ID
GHSA-hg36-rmmm-hc5r
EPSS Score
0.88665%
CWE
CWE-787
Published
5/13/2022
Updated
9/28/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.81.11.8

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper type handling when objects become prototypes. Key issues were:

  1. In GlobOptFields.cpp, ProcessFieldKills failed to fully invalidate types via KillAllObjectTypes(), leaving incorrect JIT assumptions.
  2. In Lower.cpp, field store operations didn't check IsPrototype() status or invalidate prototype caches, allowing type confusion. The patch adds these checks and invalidation calls (HelperInvalidateProtoCaches), confirming these were missing vectors. The CWE-787 (OOB write) manifests when type confusion leads to memory corruption via invalid memory accesses.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** ***kr* s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Mi*roso*t ****, *k* '***kr* S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-**

Reasoning

T** vuln*r**ility st*ms *rom improp*r typ* **n*lin* w**n o*j**ts ***om* prototyp*s. K*y issu*s w*r*: *. In *lo*Opt*i*l*s.*pp, Pro**ss*i*l*Kills **il** to *ully inv*li**t* typ*s vi* Kill*llO*j**tTyp*s(), l**vin* in*orr**t JIT *ssumptions. *. In Low*r.