VYPR
← All advisories
High severity7.5NVD Advisory· Published Nov 15, 2017· Updated May 13, 2026

CVE-2017-11862

CVE-2017-11862

Description

ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.ChakraCoreNuGet
< 1.7.41.7.4

Affected products

3
  • Microsoft/Chakracore
    cpe:2.3:a:microsoft:chakracore:-:*:*:*:*:*:*:*
  • Microsoft/Edge
    cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
  • Microsoft Corporation/ChakraCore, Microsoft Edgev5
    Range: Windows 10 1709 and Windows Server, version 1709.

Patches

1
66d733b9adeb

[CVE-2017-11862] [ChakraCore] Type confusion in module exports - Individual

https://github.com/chakra-core/ChakraCoreAkrosh GandhiNov 10, 2017via ghsa
commit
1 file changed · +15 10
  • lib/Parser/Parse.cpp+15 10 modified
    @@ -2505,7 +2505,7 @@ ModuleImportOrExportEntry* Parser::AddModuleImportOrExportEntry(ModuleImportOrEx
 
 void Parser::AddModuleLocalExportEntry(ParseNodePtr varDeclNode)
 {
-    Assert(varDeclNode->nop == knopVarDecl || varDeclNode->nop == knopLetDecl || varDeclNode->nop == knopConstDecl);
+    AssertOrFailFast(varDeclNode->nop == knopVarDecl || varDeclNode->nop == knopLetDecl || varDeclNode->nop == knopConstDecl);
 
     IdentPtr localName = varDeclNode->sxVar.pid;
     varDeclNode->sxVar.sym->SetIsModuleExportStorage(true);
@@ -3014,15 +3014,19 @@ ParseNodePtr Parser::ParseExportDeclaration(bool *needTerminator)
 
             if (buildAST)
             {
-                ParseNodePtr temp = pnode;
-                while (temp->nop == knopList)
-                {
-                    ParseNodePtr varDeclNode = temp->sxBin.pnode1;
-                    temp = temp->sxBin.pnode2;
-
-                    AddModuleLocalExportEntry(varDeclNode);
-                }
-                AddModuleLocalExportEntry(temp);
+                ForEachItemInList(pnode, [&](ParseNodePtr item) {
+                    if (item->nop == knopAsg)
+                    {
+                        Parser::MapBindIdentifier(item, [&](ParseNodePtr subItem)
+                        {
+                            AddModuleLocalExportEntry(subItem);
+                        });
+                    }
+                    else
+                    {
+                        AddModuleLocalExportEntry(item);
+                    }
+                });
             }
         }
         break;
@@ -12966,6 +12970,7 @@ ParseNodePtr Parser::ParseDestructuredInitializer(ParseNodePtr lhsNode,
         pnodeDestructAsg = CreateNodeWithScanner<knopAsg>();
         pnodeDestructAsg->sxBin.pnode1 = lhsNode;
         pnodeDestructAsg->sxBin.pnode2 = pnodeDefault;
+        pnodeDestructAsg->sxBin.pnodeNext = nullptr;
         pnodeDestructAsg->ichMin = lhsNode->ichMin;
         pnodeDestructAsg->ichLim = pnodeDefault->ichLim;
     }

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

9

News mentions

0

No linked articles in our index yet.