CVE-2017-0234: Improper Restriction of Operations within the Bounds of a Memory Buffer

May 17, 2022 (updated July 27, 2023)

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.

References

github.com/advisories/GHSA-6p7q-85qq-7c43
github.com/chakra-core/ChakraCore/commit/a1345ad48064921e8eb45fa0297ce405a7df14d3
github.com/chakra-core/ChakraCore/pull/2959
nvd.nist.gov/vuln/detail/CVE-2017-0234
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0234
web.archive.org/web/20210124044042/http://www.securityfocus.com/bid/98229
web.archive.org/web/20211019191652/http://www.securitytracker.com/id/1038431

Code Behaviors & Features

Detect and mitigate CVE-2017-0234 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →