Overview
- Description
- A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
- Source
- secure@microsoft.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.6
- Impact score
- 10
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- ChakraCore Scripting Engine Type Confusion Vulnerability
- Exploit added on
- Mar 3, 2022
- Exploit action due
- Mar 17, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-843
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1D4D1CA-4CAA-465A-907E-FCF44DFED092",
"versionEndExcluding": "1.10.1"
}
],
"operator": "OR"
}
]
}
]