CVE-2023-37140

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jul 18, 2023

Updated: Jul 27, 2023

CWE ID 400

Summary

CVE-2023-37140 is a newly disclosed vulnerability affecting ChakraCore, the open-source JavaScript engine. The issue lies within the Js::DiagScopeVariablesWalker::GetChildrenCount() function in the ChakraCore branch master cbb9b. This vulnerability leads to a segmentation violation, potentially enabling attackers to execute arbitrary code or cause denial-of-service conditions. The exact exploitation method and required privileges are not yet known, but affected users are urged to update their ChakraCore implementations as soon as possible to mitigate potential risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rz92n8
https://www.cve.org/CVERecord?id=CVE-2023-37140
https://nvd.nist.gov/vuln/detail/CVE-2023-37140

Back to Vulnerability Database

CVE-2023-37140

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations