CVE-2018-8298

HIGH KEV

ChakraCore - Memory Corruption

Title source: llm

Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · javascriptdoswindows

https://www.exploit-db.com/exploits/45217

View Code ZIP pw:eip

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104639

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8298

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45217/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-8298

Scores

CVSS v3 7.5

EPSS 0.8937

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-03

VulnCheck KEV 2022-03-03

InTheWild.io 2022-03-03

ENISA EUVD EUVD-2022-5575

CWE

CWE-843

Status published

Products (2)

microsoft/chakracore < 1.10.1

nuget/Microsoft.ChakraCore 0 - 1.10.1NuGet

Published Jul 11, 2018

KEV Added Mar 03, 2022

Tracked Since Feb 18, 2026