Miggo Logo

CVE-2019-0861:
ChakraCore Memory Corruption Vulnerability

7.5

CVSS Score
3.0

Basic Information

EPSS Score
0.90276%
Published
5/13/2022
Updated
9/28/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.81.11.8

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The patch adds ImplicitCall_Accessor flag setting during property setter execution to prevent JIT optimization hazards. This indicates the vulnerable code path was in property assignment handling where accessors (getters/setters) could modify object types without proper JIT bailout signaling. The CWE-787 (OOB Write) manifests when type confusion leads to incorrect memory operations. The direct correlation between the patch location and the vulnerability description confirms this function's role.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** ***kr* s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Mi*roso*t ****, *k* '***kr* S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-**

Reasoning

T** p*t** ***s Impli*it**ll_****ssor *l** s*ttin* *urin* prop*rty s*tt*r *x**ution to pr*v*nt JIT optimiz*tion **z*r*s. T*is in*i**t*s t** vuln*r**l* *o** p*t* w*s in prop*rty *ssi*nm*nt **n*lin* w**r* ****ssors (**tt*rs/s*tt*rs) *oul* mo*i*y o*j**t