Published: 12/04/2018 Updated: 24/08/2020

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft edge
microsoft chakracore

/* Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks But the class follows the linked list instaed of the control flow This may lead to incorrectly remove the bound checks In the following code, currentBlock's block number is 4 and hoistBlock's block number is 1 (please see the ...

Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks But the class follows the linked list instead of the control flow This may lead to incorrectly remove the bound checks ...

CWE-787 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0980 http://www.securitytracker.com/id/1040650 http://www.securityfocus.com/bid/103626 https://www.exploit-db.com/exploits/44653/https://nvd.nist.gov https://www.exploit-db.com/exploits/44653/

CVE-2018-0980

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect