CVE-2018-8319

CRITICAL

Microsoft Research JavaScript Cryptography Library - Info Disclosure

Title source: llm

Description

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104655

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041268

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319

Scores

CVSS v3 9.8

EPSS 0.1325

EPSS Percentile 94.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-682

Status published

Affected Products (2)

microsoft/research_javascript_cryptography_library

npm/msrcrypto < 1.4.1npm

Timeline

Published Jul 11, 2018

Tracked Since Feb 18, 2026