CVE-2019-1298: Out-of-bounds write

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.88665%
Published: 3/29/2021
Updated: 2/1/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.11.13
First Patched Version: 1.11.13

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The patches added critical validation in TrackObjTypeSpecProperties (checking SetMonoGuardType return value) and in SetMonoGuardType itself (type compatibility checks). These changes directly address scenarios where invalid types could be used for optimizations, which matches the CWE-787 (out-of-bounds write) description. The functions' roles in type-specific JIT optimizations align with the vulnerability's root cause analysis.

WAF Protection Rules

WAF Rule

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-****-****, CVE-****-**
