CVE-2021-42279 - OpenCVE

Chakra Scripting Engine Memory Corruption Vulnerability

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows 11 Windows 10 Windows Server 2022 Windows Server 2016 Windows Server 2019

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_10:20h2:::::::*
	cpe:2.3:o:microsoft:windows_10:21h1:::::::*
	cpe:2.3:o:microsoft:windows_10:1607:::::::*
	cpe:2.3:o:microsoft:windows_10:1809:::::::*
	cpe:2.3:o:microsoft:windows_10:1909:::::::*
	cpe:2.3:o:microsoft:windows_10:2004:::::::*
	cpe:2.3:o:microsoft:windows_11:-::::::arm64:
	cpe:2.3:o:microsoft:windows_11:-::::::x64:
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:20h2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:2004:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2022:-:::::::*

References

Link	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42279	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2021-11-10T00:47:07

Updated: 2024-05-29T14:47:41.589Z

Reserved: 2021-10-12T00:00:00

Link: CVE-2021-42279

JSON object: View

NVD Information

Status : Modified

Published: 2021-11-10T01:19:44.560

Modified: 2023-12-28T16:15:55.363

Link: CVE-2021-42279

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"title": "Chakra Scripting Engine Memory Corruption Vulnerability", "datePublic": "2021-11-09T08:00:00+00:00", "affected": [{"vendor": "Microsoft", "product": "ChakraCore", "cpes": [], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 21H1", "cpes": ["cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*"], "platforms": ["x64-based Systems", "32-bit Systems", "ARM64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19043.1348", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 11 version 21H2", "cpes": ["cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*"], "platforms": ["ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.22000.318", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2022", "cpes": ["cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.20348.350", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server version 20H2", "cpes": ["cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1348:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19042.1348", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1909", "cpes": ["cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*"], "platforms": ["ARM64-based Systems", "32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.18363.1916", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 20H2", "cpes": ["cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*"], "platforms": ["ARM64-based Systems", "32-bit Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19042.1348", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 2004", "cpes": ["cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*"], "platforms": ["ARM64-based Systems", "32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19041.1348", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1507", "cpes": ["cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.10240.19119", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server version 2004", "cpes": ["cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.19041.1348", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1607", "cpes": ["cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*"], "platforms": ["32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.14393.4770", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2019", "cpes": ["cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.2300", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1809", "cpes": ["cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*", "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*"], "platforms": ["ARM64-based Systems", "32-bit Systems", "x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.17763.2300", "versionType": "custom", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Server 2016", "cpes": ["cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"], "platforms": ["x64-based Systems"], "versions": [{"version": "10.0.0", "lessThan": "10.0.14393.4770", "versionType": "custom", "status": "affected"}]}], "descriptions": [{"value": "Chakra Scripting Engine Memory Corruption Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-05-29T14:47:41.589Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42279"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "MEDIUM", "baseScore": 4.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C"}}]}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-42279", "datePublished": "2021-11-10T00:47:07", "dateReserved": "2021-10-12T00:00:00", "dateUpdated": "2024-05-29T14:47:41.589Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*", "matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Chakra Scripting Engine Memory Corruption Vulnerability"}, {"lang": "es", "value": "Una vulnerabilidad de corrupci\u00f3n de memoria en Chakra Scripting Engine"}], "id": "CVE-2021-42279", "lastModified": "2023-12-28T16:15:55.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "secure@microsoft.com", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-11-10T01:19:44.560", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42279"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}