The vulnerability stems from improper memory handling in ChakraCore's PathTypeHandler. The patch adds a critical check to ClearSingletonInstanceIfSame() in GrowHandlerToBiggerSize, indicating the original code failed to clear singleton instances when modifying type paths. This omission could leave dangling pointers or invalid memory references, enabling memory corruption via out-of-bounds writes (CWE-787). The direct association between the patched code and the CWE, along with the commit's explicit CVE reference, confirms this function's role in the vulnerability.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| Microsoft.ChakraCore | nuget | < 1.11.18 | 1.11.18 |