{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16344?format=json","vulnerability_id":"VCID-a7h5-yp8s-kyge","summary":"Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability,\" a different vulnerability than CVE-2016-3350.","aliases":[{"alias":"CVE-2016-3377"},{"alias":"GHSA-wv44-9w69-w43j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61841?format=json","purl":"pkg:nuget/Microsoft.ChakraCore@1.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18bt-p9bu-7kcg"},{"vulnerability":"VCID-18cy-ef2d-sfgs"},{"vulnerability":"VCID-193r-rk9b-73a7"},{"vulnerability":"VCID-19s3-6hk5-zydp"},{"vulnerability":"VCID-1d4d-6ycn-kfbg"},{"vulnerability":"VCID-1fvy-afaq-7ffz"},{"vulnerability":"VCID-1hm4-8j3z-gbe8"},{"vulnerability":"VCID-1mqn-qxsq-gfb5"},{"vulnerability":"VCID-1txb-sjay-ukfb"},{"vulnerability":"VCID-1xh6-cjvx-4bej"},{"vulnerability":"VCID-1xjh-99vu-vyf6"},{"vulnerability":"VCID-27q5-85wq-ayhx"},{"vulnerability":"VCID-2jw8-vq79-3yc4"},{"vulnerability":"VCID-2ry8-tv1k-pyb3"},{"vulnerability":"VCID-2x6n-tg25-wkc4"},{"vulnerability":"VCID-3r3s-nrc8-sbe6"},{"vulnerability":"VCID-431z-8875-d7fr"},{"vulnerability":"VCID-46f5-3qcs-ckcw"},{"vulnerability":"VCID-4jw5-n3pz-zuhf"},{"vulnerability":"VCID-4kr2-wf77-nug4"},{"vulnerability":"VCID-4n9b-ptn2-3ugd"},{"vulnerability":"VCID-4rr8-ter6-7yaw"},{"vulnerability":"VCID-523x-9n5w-rqc2"},{"vulnerability":"VCID-532u-w1p6-rycx"},{"vulnerability":"VCID-54xz-xw4u-xqh9"},{"vulnerability":"VCID-558y-9j3b-fyd3"},{"vulnerability":"VCID-5s8e-w8mp-xydh"},{"vulnerability":"VCID-63zg-je8v-2yh6"},{"vulnerability":"VCID-66rk-gaz2-x7et"},{"vulnerability":"VCID-6yew-52pk-nfe9"},{"vulnerability":"VCID-6zfw-kag6-sfhq"},{"vulnerability":"VCID-7sqx-g2jn-9yds"},{"vulnerability":"VCID-7trr-1jwb-zufw"},{"vulnerability":"VCID-7z5t-cth2-ybe1"},{"vulnerability":"VCID-8jd7-9g2p-xqec"},{"vulnerability":"VCID-8jqz-9eaj-mfaj"},{"vulnerability":"VCID-8swk-fket-wkes"},{"vulnerability":"VCID-99dg-rm43-9qef"},{"vulnerability":"VCID-9u2d-1vj5-sfbf"},{"vulnerability":"VCID-9v8t-kbf9-yye5"},{"vulnerability":"VCID-ahe3-4w9p-xfba"},{"vulnerability":"VCID-b6wu-ubuv-jqeg"},{"vulnerability":"VCID-bmba-t3ga-fuh6"},{"vulnerability":"VCID-brne-zr1j-zqdz"},{"vulnerability":"VCID-btua-a1pr-mbbe"},{"vulnerability":"VCID-busw-m81p-67ch"},{"vulnerability":"VCID-cmad-nxc3-3ugn"},{"vulnerability":"VCID-dc3y-6mb9-6fe1"},{"vulnerability":"VCID-dcer-1uh1-a7h9"},{"vulnerability":"VCID-e1b9-bq4b-9fh7"},{"vulnerability":"VCID-eygy-bzey-7yaq"},{"vulnerability":"VCID-f8m6-a9a9-juhw"},{"vulnerability":"VCID-fedc-anrx-ufg2"},{"vulnerability":"VCID-fj84-9g1p-vfa5"},{"vulnerability":"VCID-fxfn-jq82-n3fy"},{"vulnerability":"VCID-fzjt-qse7-kbd5"},{"vulnerability":"VCID-ggf4-u8qd-eff7"},{"vulnerability":"VCID-gvr1-zbs9-sffy"},{"vulnerability":"VCID-gyyj-1jxm-vfbu"},{"vulnerability":"VCID-hagb-nxwq-tbg3"},{"vulnerability":"VCID-hbcj-83rp-jbd4"},{"vulnerability":"VCID-hcfa-1wq4-wyga"},{"vulnerability":"VCID-hdpy-kfn8-sbba"},{"vulnerability":"VCID-je2z-mcvk-gqhp"},{"vulnerability":"VCID-jerx-5eyv-ebeq"},{"vulnerability":"VCID-jmx4-vvk4-ykdk"},{"vulnerability":"VCID-kbee-zr5j-hkat"},{"vulnerability":"VCID-keaw-uz84-9qer"},{"vulnerability":"VCID-kua2-9yb8-gkgq"},{"vulnerability":"VCID-mczu-b3e6-5bgb"},{"vulnerability":"VCID-me7g-49jk-63c2"},{"vulnerability":"VCID-mksq-kg9m-uqdz"},{"vulnerability":"VCID-mm2r-t2rz-7ygp"},{"vulnerability":"VCID-mmba-qzvj-37df"},{"vulnerability":"VCID-mnd4-84rp-mbb4"},{"vulnerability":"VCID-mpe4-db65-4qab"},{"vulnerability":"VCID-mqsb-hzpy-5ygv"},{"vulnerability":"VCID-ncbk-mcwh-3fa3"},{"vulnerability":"VCID-nd4s-mcgx-s3bs"},{"vulnerability":"VCID-nh3m-s7fe-bqek"},{"vulnerability":"VCID-njsb-3b47-77hk"},{"vulnerability":"VCID-nn2u-snsx-83hq"},{"vulnerability":"VCID-nypa-dv6a-aydu"},{"vulnerability":"VCID-nyyv-c55j-pyea"},{"vulnerability":"VCID-pusx-pa1h-yyfu"},{"vulnerability":"VCID-pxev-85t8-fug6"},{"vulnerability":"VCID-pyt1-g2tu-eqb4"},{"vulnerability":"VCID-qgsm-c5dq-bfb8"},{"vulnerability":"VCID-qndq-e3vk-ybeu"},{"vulnerability":"VCID-qwbu-jvxv-bbej"},{"vulnerability":"VCID-qxax-card-uyfy"},{"vulnerability":"VCID-r16a-n5nn-nybp"},{"vulnerability":"VCID-rffd-vnyj-puc3"},{"vulnerability":"VCID-rkns-keya-cyfj"},{"vulnerability":"VCID-rnva-ys32-7kbu"},{"vulnerability":"VCID-rxgn-xep7-fya7"},{"vulnerability":"VCID-ry6a-46j6-ybgk"},{"vulnerability":"VCID-saxs-fd9n-cyem"},{"vulnerability":"VCID-shdw-sqhu-v3aa"},{"vulnerability":"VCID-sqfw-zhmk-mkbe"},{"vulnerability":"VCID-st54-u8tz-33gs"},{"vulnerability":"VCID-t8bg-6rsw-ebf8"},{"vulnerability":"VCID-tnh1-zjdq-6qhd"},{"vulnerability":"VCID-tnhg-2f5h-cfaa"},{"vulnerability":"VCID-tpdy-ttbh-5kh6"},{"vulnerability":"VCID-udcs-da57-q7hs"},{"vulnerability":"VCID-uwda-x8ud-b7ht"},{"vulnerability":"VCID-v4er-vyja-qffa"},{"vulnerability":"VCID-v7k3-6juv-47gr"},{"vulnerability":"VCID-vk99-umu1-2bag"},{"vulnerability":"VCID-vser-kewx-akh4"},{"vulnerability":"VCID-vx2e-zgfx-dkau"},{"vulnerability":"VCID-vxjj-cqyk-w3hd"},{"vulnerability":"VCID-w2kf-rnn3-huc8"},{"vulnerability":"VCID-wevg-rszb-9ufb"},{"vulnerability":"VCID-wjjc-1wyd-87fp"},{"vulnerability":"VCID-x6wa-636e-zugv"},{"vulnerability":"VCID-xcd3-cznv-xuc8"},{"vulnerability":"VCID-xk96-csb5-syac"},{"vulnerability":"VCID-xkm6-uy8d-x3cq"},{"vulnerability":"VCID-y3z3-emkf-bug3"},{"vulnerability":"VCID-yabf-1cc1-v7dk"},{"vulnerability":"VCID-yc6q-h53h-9khy"},{"vulnerability":"VCID-z2u9-jd5w-rkb5"},{"vulnerability":"VCID-z6hg-axpc-1qht"},{"vulnerability":"VCID-z6nc-29bh-77h9"},{"vulnerability":"VCID-z8aj-6xyd-fkfq"},{"vulnerability":"VCID-zptc-hpne-x7at"},{"vulnerability":"VCID-zqb9-5v29-xbc6"},{"vulnerability":"VCID-ztbp-3phk-zkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.ChakraCore@1.2.1"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3377","reference_id":"","reference_type":"","scores":[{"value":"0.15905","scoring_system":"epss","scoring_elements":"0.94866","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3377"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105","reference_id":"","reference_type":"","scores":[],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-105"},{"reference_url":"https://github.com/chakra-core/ChakraCore/commit/24c4d7df8199b27d360323ce3be1d7959fd918eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/chakra-core/ChakraCore/commit/24c4d7df8199b27d360323ce3be1d7959fd918eb"},{"reference_url":"https://github.com/chakra-core/ChakraCore/issues/6289","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/chakra-core/ChakraCore/issues/6289"},{"reference_url":"https://web.archive.org/web/20210123044830/http://www.securitytracker.com/id/1036789","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123044830/http://www.securitytracker.com/id/1036789"},{"reference_url":"https://web.archive.org/web/20210123164626/http://www.securityfocus.com/bid/92797","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123164626/http://www.securityfocus.com/bid/92797"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3377","reference_id":"CVE-2016-3377","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3377"},{"reference_url":"https://github.com/advisories/GHSA-wv44-9w69-w43j","reference_id":"GHSA-wv44-9w69-w43j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wv44-9w69-w43j"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":119,"name":"Improper Restriction of Operations within the Bounds of a Memory Buffer","description":"The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer."},{"cwe_id":78,"name":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","description":"The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7h5-yp8s-kyge"}