GHSA-w4qx-vw2w-q566

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w4qx-vw2w-q566/GHSA-w4qx-vw2w-q566.json

Aliases

CVE-2018-8243

Published

2022-05-13T01:20:43Z

Modified

2023-08-28T22:31:34.445815Z

Details

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-8243
https://github.com/chakra-core/ChakraCore/wiki/Roadmap#v185
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8243
https://web.archive.org/web/20210124175604/http://www.securityfocus.com/bid/104403

Affected packages

NuGet / Microsoft.ChakraCore

Source Details

Package Name: Microsoft.ChakraCore

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.8.5

Affected versions

1.*

1.2.0

1.2.1

1.2.2

1.2.3

1.2.6.62716-preview

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.5.0

1.5.1

1.5.2

1.5.3

1.6.0

1.6.2

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.7.6

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}