
CVE-2021-42279: Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.79274%
Published: 5/24/2022
Updated: 1/28/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: <= 1.11.24
First Patched Version: none listed

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability information describes an out-of-bounds write in ChakraCore but does not include specific code references, commit diffs, or patch details. While the CWE-787 classification indicates a memory corruption pattern, the advisory and NVD entries lack technical details about implementation flaws in specific functions. Microsoft's security guidance and GitHub Advisory Database entries are similarly non-specific. Without concrete evidence of vulnerable function names/paths from source code analysis or patch comparisons, we cannot confidently identify exact vulnerable functions. Memory corruption in JavaScript engines often involves JIT compiler operations or array/buffer handling, but these are broad categories rather than specific functions.

WAF Protection Rules

WAF Rule

Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August **** to include Microsoft.ChakraCore as an affected product.
