{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40589?format=json","vulnerability_id":"VCID-4yhp-44tx-nbh1","summary":"Out-of-bounds Write\nA remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.","aliases":[{"alias":"CVE-2019-0539"},{"alias":"GHSA-3w4v-qfqc-3433"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150810?format=json","purl":"pkg:nuget/Microsoft.ChakraCore@1.11.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17w1-5t1v-4kff"},{"vulnerability":"VCID-17w6-s2wv-qba4"},{"vulnerability":"VCID-1xvg-d68g-83ff"},{"vulnerability":"VCID-2n5v-mke8-fbgu"},{"vulnerability":"VCID-31cx-9d7s-7fhx"},{"vulnerability":"VCID-367j-fhnf-dfbn"},{"vulnerability":"VCID-36ck-4uuw-fbeq"},{"vulnerability":"VCID-36zy-vxpq-ebgj"},{"vulnerability":"VCID-3fch-6tev-nybc"},{"vulnerability":"VCID-436y-v35a-mkc3"},{"vulnerability":"VCID-4gds-1a3w-mbaf"},{"vulnerability":"VCID-4jw9-zwav-ukcd"},{"vulnerability":"VCID-4ue8-z2ru-4qfq"},{"vulnerability":"VCID-4vs6-cmfh-5kcn"},{"vulnerability":"VCID-4wv2-madk-h3hs"},{"vulnerability":"VCID-5bg3-mxuq-93af"},{"vulnerability":"VCID-5men-95qp-7uay"},{"vulnerability":"VCID-5u6k-t96g-1uf1"},{"vulnerability":"VCID-5uhu-4eee-dkfc"},{"vulnerability":"VCID-61nr-bz5m-sba3"},{"vulnerability":"VCID-6e2x-jpst-2uap"},{"vulnerability":"VCID-6myn-e1rr-ufca"},{"vulnerability":"VCID-6tcu-txtu-u3ej"},{"vulnerability":"VCID-6ts3-98bc-1fh4"},{"vulnerability":"VCID-6ujv-35uz-hqbe"},{"vulnerability":"VCID-74es-h3es-tuea"},{"vulnerability":"VCID-76wt-pptq-yuf5"},{"vulnerability":"VCID-7aaz-s9sc-bya1"},{"vulnerability":"VCID-7htw-uznd-e7e4"},{"vulnerability":"VCID-7xa6-9phe-1bhr"},{"vulnerability":"VCID-88ge-vc6p-kkgf"},{"vulnerability":"VCID-8e71-ekze-c7a6"},{"vulnerability":"VCID-8jab-mh9u-uuf7"},{"vulnerability":"VCID-8ums-z8cj-f7eg"},{"vulnerability":"VCID-8x8m-rvgq-gbf1"},{"vulnerability":"VCID-973h-tuxs-e3ax"},{"vulnerability":"VCID-9dp4-8238-63a7"},{"vulnerability":"VCID-9qqa-hzyr-23ex"},{"vulnerability":"VCID-a7js-b43t-rfdc"},{"vulnerability":"VCID-atn9-g7ky-1bex"},{"vulnerability":"VCID-bdrq-3src-4bh3"},{"vulnerability":"VCID-bfpu-b6h6-yqba"},{"vulnerability":"VCID-bqev-84c9-2bdt"},{"vulnerability":"VCID-c2rx-c4w9-d3fe"},{"vulnerability":"VCID-c4a3-9yyr-53du"},{"vulnerability":"VCID-c5ja-nzs7-kug9"},{"vulnerability":"VCID-cds4-1scr-muc4"},{"vulnerability":"VCID-d5dd-b6re-kfcr"},{"vulnerability":"VCID-d7tq-rdtb-qbgt"},{"vulnerability":"VCID-dddf-j2v3-jbac"},{"vulnerability":"VCID-e2bn-6ucv-fucd"},{"vulnerability":"VCID-ekug-fvtn-3qcv"},{"vulnerability":"VCID-eumg-61kj-sfg2"},{"vulnerability":"VCID-eute-6mw8-xbfd"},{"vulnerability":"VCID-eyq8-75rj-9bhn"},{"vulnerability":"VCID-fg48-sak7-5uem"},{"vulnerability":"VCID-fxrs-bakn-1bfg"},{"vulnerability":"VCID-fy4b-bjke-7uf5"},{"vulnerability":"VCID-gch5-djz8-bfhr"},{"vulnerability":"VCID-gh38-ssv6-m3am"},{"vulnerability":"VCID-gh52-u7cx-mudx"},{"vulnerability":"VCID-gt5q-77u9-b3bg"},{"vulnerability":"VCID-h1dx-3pfc-47e8"},{"vulnerability":"VCID-heb9-gz3z-5bf1"},{"vulnerability":"VCID-hkqu-2mv4-nbff"},{"vulnerability":"VCID-hpyh-gnpg-e7g7"},{"vulnerability":"VCID-j1yk-y75u-ybc2"},{"vulnerability":"VCID-j42w-gmza-vuaj"},{"vulnerability":"VCID-jbxs-r88s-ffca"},{"vulnerability":"VCID-jvu4-fttu-vqbw"},{"vulnerability":"VCID-jx13-5c1x-z3fq"},{"vulnerability":"VCID-k1eq-drg4-hubf"},{"vulnerability":"VCID-k8jf-jm72-jkab"},{"vulnerability":"VCID-ksty-fpaz-p3g9"},{"vulnerability":"VCID-m8j2-x953-7fcn"},{"vulnerability":"VCID-maq3-4mu9-3kaf"},{"vulnerability":"VCID-mwqc-f5kr-kkhf"},{"vulnerability":"VCID-mycx-3wzv-sqgs"},{"vulnerability":"VCID-nmrh-vecc-5ffd"},{"vulnerability":"VCID-ny33-2muh-ryaf"},{"vulnerability":"VCID-prdx-1uzt-57hn"},{"vulnerability":"VCID-q34w-zm56-wfgd"},{"vulnerability":"VCID-q7g9-336k-zqch"},{"vulnerability":"VCID-qsfh-5z2t-1kaa"},{"vulnerability":"VCID-qvd3-jhzp-cufb"},{"vulnerability":"VCID-rbpf-56qy-gfgd"},{"vulnerability":"VCID-rcy6-c6wy-dbfe"},{"vulnerability":"VCID-rk1q-c5dz-vkgp"},{"vulnerability":"VCID-rmkx-d954-gfey"},{"vulnerability":"VCID-rqah-64cs-ffa9"},{"vulnerability":"VCID-ruz6-cvvm-t7gd"},{"vulnerability":"VCID-s6tu-qk8r-73dm"},{"vulnerability":"VCID-sxhq-hbuz-n7g6"},{"vulnerability":"VCID-t7an-hsmw-s3f3"},{"vulnerability":"VCID-thsq-abfa-37en"},{"vulnerability":"VCID-tx13-dy95-tbaw"},{"vulnerability":"VCID-u2vx-qjca-63dz"},{"vulnerability":"VCID-u3w9-3xea-mqgk"},{"vulnerability":"VCID-udkj-r6hr-kfbm"},{"vulnerability":"VCID-uktz-ff73-hkbf"},{"vulnerability":"VCID-w1mv-6p24-xbd9"},{"vulnerability":"VCID-w5ez-ps57-afgg"},{"vulnerability":"VCID-w771-z7gh-sudd"},{"vulnerability":"VCID-wqmf-44en-bkhq"},{"vulnerability":"VCID-xgn4-t4hw-tkba"},{"vulnerability":"VCID-yb1f-mred-tyc8"},{"vulnerability":"VCID-yjh2-4qcm-6fcp"},{"vulnerability":"VCID-ykp3-zww3-2kgd"},{"vulnerability":"VCID-yz2r-ckb1-7ucj"},{"vulnerability":"VCID-z1vc-213w-jffs"},{"vulnerability":"VCID-zk3h-kan5-53d7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/Microsoft.ChakraCore@1.11.5"}],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0539","reference_id":"","reference_type":"","scores":[{"value":"0.9095","scoring_system":"epss","scoring_elements":"0.99649","published_at":"2026-06-08T12:55:00Z"},{"value":"0.9095","scoring_system":"epss","scoring_elements":"0.9965","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0539"},{"reference_url":"https://github.com/chakra-core/ChakraCore","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chakra-core/ChakraCore"},{"reference_url":"https://github.com/chakra-core/ChakraCore/commit/788f17b0ce06ea84553b123c174d1ff7052112a0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/chakra-core/ChakraCore/commit/788f17b0ce06ea84553b123c174d1ff7052112a0"},{"reference_url":"https://web.archive.org/web/20210124231213/http://www.securityfocus.com/bid/106401","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210124231213/http://www.securityfocus.com/bid/106401"},{"reference_url":"https://www.exploit-db.com/exploits/46203","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46203"},{"reference_url":"https://www.exploit-db.com/exploits/46203/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46203/"},{"reference_url":"https://www.exploit-db.com/exploits/46204","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46204"},{"reference_url":"https://www.exploit-db.com/exploits/46204/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46204/"},{"reference_url":"https://www.exploit-db.com/exploits/46485","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.exploit-db.com/exploits/46485"},{"reference_url":"https://www.exploit-db.com/exploits/46485/","reference_id":"","reference_type":"","scores":[],"url":"https://www.exploit-db.com/exploits/46485/"},{"reference_url":"http://www.securityfocus.com/bid/106401","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106401"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1703&desc=2","reference_id":"CVE-2019-0539","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1703&desc=2"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46204.js","reference_id":"CVE-2019-0539","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46204.js"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46485.html","reference_id":"CVE-2019-0539","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46485.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0539","reference_id":"CVE-2019-0539","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0539"},{"reference_url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0539","reference_id":"CVE-2019-0539","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0539"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1702","reference_id":"CVE-2019-0567;CVE-2019-0539","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1702"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46203.txt","reference_id":"CVE-2019-0567;CVE-2019-0539","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/46203.txt"},{"reference_url":"https://github.com/advisories/GHSA-3w4v-qfqc-3433","reference_id":"GHSA-3w4v-qfqc-3433","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w4v-qfqc-3433"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":787,"name":"Out-of-bounds Write","description":"The product writes data past the end, or before the beginning, of the intended buffer."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[{"date_added":"2019-03-04","description":"Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":false,"source_date_published":"2019-03-04","exploit_type":"dos","platform":"windows","source_date_updated":"2019-03-04","data_source":"Exploit-DB","source_url":""}],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4yhp-44tx-nbh1"}