Critical severity 9.8 · NVD Advisory · Published May 15, 2017 · Updated May 13, 2026

CVE-2017-0223

Description

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
Microsoft.ChakraCore (NuGet) | < 1.4.4 | 1.4.4

Affected products

2
  • cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  • Microsoft Corporation/Chakra Corev5
    Range: n/a

Patches

1
f74773f4520a

[CVE-2017-0223] Fix right paren location calculation for lambda with assignment expression

https://github.com/chakra-core/ChakraCore · Taylor Woll · Mar 16, 2017 · via ghsa
2 files changed · +24 -1
  • lib/Parser/Parse.cpp · +1 -1 · modified
    @@ -8440,7 +8440,7 @@ ParseNodePtr Parser::ParseExpr(int oplMin,
             {
                 // Parse the operand, make a new node, and look for more
                 IdentToken token;
    -            pnodeT = ParseExpr<buildAST>(opl, NULL, fAllowIn, FALSE, pNameHint, &hintLength, &hintOffset, &token);
    +            pnodeT = ParseExpr<buildAST>(opl, NULL, fAllowIn, FALSE, pNameHint, &hintLength, &hintOffset, &token, false, nullptr, plastRParen);
     
                 // Detect nested function escapes of the pattern "o.f = function(){...}" or "o[s] = function(){...}".
                 // Doing so in the parser allows us to disable stack-nested-functions in common cases where an escape
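Review bot: On the `+` line, `false, nullptr` are passed positionally only to reach the final `plastRParen` argument, and nothing at the call site says which parameters they fill. Add a short inline comment naming each literal so a reader can check them against the `ParseExpr` signature. `plastRParen` is also forwarded unconditionally here, so confirm the callee tolerates a null pointer from callers that do not track the paren position.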
    
  • test/es6/lambda1.js · +23 -0 · modified
    @@ -477,6 +477,29 @@ var tests = [
                 var l = async() => (async() => ('str'));
    
                 assert.areEqual("async() => (async() => ('str'))", '' + l, "Nested async lambda should be correct");
    
             }
    
    +    },
    
    +    {
    
    +        name: "Lambda consisting of assignment expression should have correct source string",
    
    +        body: function () {
    
    +            var l = () => a = (123)
    
    +            assert.areEqual('() => a = (123)', '' + l, "Lambda to string should include the parens wrapping the return expression");
    
    +            
    
    +            var l = () => a = (('๏บบ'))
    
    +            assert.areEqual("() => a = (('๏บบ'))", '' + l, "Multi-byte characters should not break the string");
    
    +            
    
    +            var s = "() => a = ('\u{20ac}')";
    
    +            var l = eval(s);
    
    +            assert.areEqual(s, '' + l, "Unicode byte sequences should not break the string");
    
    +            
    
    +            var l = async() => a = ({});
    
    +            assert.areEqual('async() => a = ({})', '' + l, "Async lambda should also be correct");
    
    +            
    
    +            var l = () => a = (() => b = (123))
    
    +            assert.areEqual('() => a = (() => b = (123))', '' + l, "Nested lambda to string should be correct");
    
    +            
    
    +            var l = async() => a = (async() => b = ('str'));
    
    +            assert.areEqual("async() => a = (async() => b = ('str'))", '' + l, "Nested async lambda should be correct");
    
    +        }
    
         }
    
     ];
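Review bot: Every case added to `tests` ends the lambda body at the closing paren (`() => a = (123)`, `async() => a = ({})`), so the suite only pins the recorded position when `)` is the last token of the body. Consider adding a case where the assignment's right-hand side continues past the paren, and one using a compound assignment operator, to show the source string is still correct when the body does not end at `)`. Minor style: `var l` is redeclared six times in one body and the statements mix trailing semicolons with none; distinct names would make a failing assertion easier to locate.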
    
     
    
    
