Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-8384

Good to know:

icon

Date: August 15, 2018

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.

Language: C#

Severity Score

Related Resources (10)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8384
http://www.securityfocus.com/bid/104981
https://www.exploit-db.com/exploits/45431
https://github.com/chakra-core/ChakraCore/commit/765bcd2c801eedc07fd0a4e90f69d41c483aa74a
https://github.com/chakra-core/ChakraCore
https://www.exploit-db.com/exploits/45431/
https://github.com/chakra-core/ChakraCore/pull/5596
https://nvd.nist.gov/vuln/detail/CVE-2018-8384
https://web.archive.org/web/20210124194908/http://www.securityfocus.com/bid/104981
https://www.mend.io/vulnerability-database/CVE-2018-8384

Severity Score

Weakness Type (CWE)

Buffer Errors

CWE-119

Access of Resource Using Incompatible Type ('Type Confusion')

CWE-843

Top Fix

icon

Upgrade Version

Upgrade to version 1.10.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): HIGH
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): COMPLETE
Availability (A): COMPLETE
Additional information:

Do you need more information?

Contact Us