CVE-2018-8319

CRITICAL

Microsoft Research JavaScript Cryptography Library - Info Disclosure

Title source: llm

Description

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104655

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1041268

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319

Scores

CVSS v3 9.8

EPSS 0.1482

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-682

Status published

Products (2)

microsoft/research_javascript_cryptography_library 1.4

npm/msrcrypto 0 - 1.4.1npm

Published Jul 11, 2018

Tracked Since Feb 18, 2026