CVE-2018-8298 — ChakraCore RCE Vulnerability

Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.

How to fix CVE-2018-8298

To remediate CVE-2018-8298, upgrade the affected package to a fixed version below.

—upgrade to 1.10.1 or later

Is CVE-2018-8298 being exploited?

Yes — CVE-2018-8298 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (1)

from 0, < 1.10.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-8298
PATCHgithub.com/chakra-core/ChakraCore
WEBgithub.com/chakra-core/ChakraCore/commit/cb9957e2763c36dbd12afa5c9261465159e16c86
WEBgithub.com/chakra-core/ChakraCore/pull/5444