Miggo Logo
Book a Demo
Miggo Vulnerability Database
CVE-2019-1308

CVE-2019-1308:
Out-of-bounds write

7.5

CVSS Score

Basic Information

CVE ID
CVE-2019-1308
GHSA ID
GHSA-vw2g-5827-m9fp
EPSS Score
-
CWE
CWE-787
Published
3/29/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.141.11.14

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability manifests in optimization passes handling type checks and memory operations. Key issues were identified in: 1) BackwardPass.cpp's failure to restrict type check elimination for stores (risk of aux slot miscalculations), 2) GlobOptFields.cpp's type mismatch handling during property specialization (incorrect type assumptions), and 3) Lower.cpp's type check validation gaps for destination operands (missing write validation). These were directly addressed in security patches through boundary checks and condition tightening, indicating they were root causes of the OOB write vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** ***kr* s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Mi*roso*t ****, *k* '***kr* S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-**

Reasoning

T** vuln*r**ility m*ni**sts in optimiz*tion p*ss*s **n*lin* typ* ****ks *n* m*mory op*r*tions. K*y issu*s w*r* i**nti*i** in: *) ***kw*r*P*ss.*pp's **ilur* to r*stri*t typ* ****k *limin*tion *or stor*s (risk o* *ux slot mis**l*ul*tions), *) *lo*Opt*i