Segmentation Violation in ChakraCore's Memory Management Functions
CVE-2023-37141

5.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Chakracore
Vendor: CVE Published:; 18 July 2023

Summary

A segmentation violation has been identified in ChakraCore, specifically within the memory management functions of the Js::ProfilingHelpers::ProfiledNewScArray() method. This vulnerability may lead to unintended behavior in applications utilizing ChakraCore, potentially resulting in stability issues or crashes. Users and developers relying on this framework should examine their implementations to mitigate any risks associated with this vulnerability.

References

https://github.com/chakra-core/ChakraCore/issues/6886

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 18, 2023
Vulnerability Reserved
Jun 28, 2023