CVE-2020-0811: ChakraCore RCE Vulnerability

CVSS Score: 7.5 (CVSS version 3.1)

Basic Information

EPSS Score: 0.86952%
Published: 5/24/2022
Updated: 7/13/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| Microsoft.ChakraCore | nuget | < 1.11.17 | 1.11.17 |
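
To check a project against the version range above, the following added example (not code from Miggo or the ChakraCore project) reads a `.csproj` or `packages.config` document and classifies each declared `Microsoft.ChakraCore` version. The two sample documents are constructed, and treating a prerelease of 1.11.17 as still vulnerable is an assumption of this sketch.

```python
import re
import xml.etree.ElementTree as ET

PACKAGE = "Microsoft.ChakraCore"   # package name from the table above
FIRST_PATCHED = "1.11.17"          # first patched version from the table above
VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$")

# Constructed sample inputs (not taken from any real project).
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.ChakraCore" Version="1.11.16" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>
</Project>"""
SAMPLE_PACKAGES_CONFIG = """<packages>
  <package id="Microsoft.ChakraCore" version="1.11.17" targetFramework="net472" />
</packages>"""

def version_key(version):
    """Sort key: up to four numeric fields, then prerelease (0) below release (1)."""
    core, _, prerelease = version.split("+")[0].partition("-")
    nums = [int(part) for part in core.split(".")]
    nums += [0] * (4 - len(nums))
    return tuple(nums), 0 if prerelease else 1

def classify(version):
    """Return 'vulnerable', 'patched', or 'unresolved' for ranges/floating versions."""
    if not VERSION_RE.match(version):
        return "unresolved"  # e.g. "1.11.*" or "[1.0,2.0)": check the resolved lock file
    return "vulnerable" if version_key(version) < version_key(FIRST_PATCHED) else "patched"

def audit(xml_text):
    """List (version, status) for every PACKAGE entry in a .csproj or packages.config."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag == "PackageReference":
            name = el.get("Include") or el.get("Update")
            version = el.get("Version") or next(
                (c.text for c in el if c.tag.rsplit("}", 1)[-1] == "Version"), None)
        elif tag == "package":
            name, version = el.get("id"), el.get("version")
        else:
            continue
        if name and name.lower() == PACKAGE.lower():
            version = (version or "").strip()
            findings.append((version, classify(version)))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_CSPROJ, SAMPLE_PACKAGES_CONFIG):
        print(audit(sample))
```

An `unresolved` result means the declared version is a range, a floating version, or managed centrally, so the version actually restored has to be read from the lock file or restore output instead.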

Vulnerability Intelligence
Root Cause Analysis

The vulnerability was addressed by replacing `platform.Map` with a custom `IntlCache` that enforces size limits (PR #6385/commit 7e2c360). The key issue was improper memory buffer management in locale handling: the `Map`-based cache lacked eviction logic, creating potential for memory corruption through uncontrolled growth. The CWE-119 classification and RCE impact suggest this cache management flaw was the attack surface for memory corruption.

WAF Protection Rules

WAF Rule

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka Chakra Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-****-****.