ghsa-43qp-hphf-5rjw
Vulnerability from github
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". When trying to get inlineCaches for a ScriptFunctionWithInlineCache, if the function got redefered and was not reparsed, the function body (and inlineCache on function body) won’t be there, potentially leading to a privilege escalation.
This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873.
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.ChakraCore"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-11871"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-27T19:39:18Z",
"nvd_published_at": "2017-11-15T03:29:00Z",
"severity": "HIGH"
},
"details": "ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". When trying to get `inlineCache`s for a `ScriptFunctionWithInlineCache`, if the function got redefered and was not reparsed, the function body (and `inlineCache` on function body) won\u2019t be there, potentially leading to a privilege escalation.\n\nThis CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873.",
"id": "GHSA-43qp-hphf-5rjw",
"modified": "2023-10-10T16:27:10Z",
"published": "2022-05-17T00:19:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11871"
},
{
"type": "WEB",
"url": "https://github.com/chakra-core/ChakraCore/pull/4226"
},
{
"type": "WEB",
"url": "https://github.com/chakra-core/ChakraCore/commit/9d211a417757ba1ddcd0f2e72d9553535256107e"
},
{
"type": "PACKAGE",
"url": "https://github.com/chakra-core/ChakraCore"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11871"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210124114740/http://www.securityfocus.com/bid/101730"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20210517135249/http://www.securitytracker.com/id/1039780"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Chakra Core vulnerable to privilege escalation due to reading an invalid pointer"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.