ChakraCore RCE Vulnerability

GHSA-6p7q-85qq-7c43 · CVE-2017-0234

Published May 17, 2022 · Modified Feb 16, 2024

Description

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-0234
WEB https://github.com/chakra-core/ChakraCore/pull/2959
WEB https://github.com/chakra-core/ChakraCore/commit/a1345ad48064921e8eb45fa0297ce405a7df14d3
PACKAGE https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0234
WEB https://web.archive.org/web/20210124044042/http://www.securityfocus.com/bid/98229
WEB https://web.archive.org/web/20211019191652/http://www.securitytracker.com/id/1038431

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes