-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.11.10 | 1.11.10 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from improper memory handling during JIT optimization. The patches modify BackwardPass::ProcessDef to track number-preservation status in loops (critical for array index safety) and fix an opcode in GlobOpt::InsertValueCompensation. Both changes directly address scenarios where type confusion or incorrect bounds calculations could lead to out-of-bounds writes. These functions are in the optimization pipeline handling memory operations, making them high-confidence candidates.