Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-9kxa-tcn4-g3gj
Vulnerability ID VCID-9kxa-tcn4-g3gj
Aliases CVE-2018-0934
GHSA-phcc-frh9-q545
Summary Out-of-bounds Write ChakraCore and Microsoft Windows Gold, and Windows Server allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.85288 https://api.first.org/data/v1/epss?cve=CVE-2018-0934
cvssv3.1 7.5 https://github.com/chakra-core/ChakraCore
generic_textual HIGH https://github.com/chakra-core/ChakraCore
cvssv3.1 7.5 https://github.com/chakra-core/ChakraCore/commit/6d0f5de1e0331fd6dd4f1ee0c0032430bcb131c3
generic_textual HIGH https://github.com/chakra-core/ChakraCore/commit/6d0f5de1e0331fd6dd4f1ee0c0032430bcb131c3
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-0934
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2018-0934
cvssv3.1 7.5 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934
generic_textual HIGH https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934
cvssv3.1 7.5 https://web.archive.org/web/20210125205549/http://www.securityfocus.com/bid/103275
generic_textual HIGH https://web.archive.org/web/20210125205549/http://www.securityfocus.com/bid/103275
cvssv3.1 7.5 https://web.archive.org/web/20211026192005/http://www.securitytracker.com/id/1040507
generic_textual HIGH https://web.archive.org/web/20211026192005/http://www.securitytracker.com/id/1040507
cvssv3.1 7.5 https://www.exploit-db.com/exploits/44396
generic_textual HIGH https://www.exploit-db.com/exploits/44396
cvssv3.1 7.5 https://www.exploit-db.com/exploits/44397
generic_textual HIGH https://www.exploit-db.com/exploits/44397
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2018-0934
https://github.com/chakra-core/ChakraCore
https://github.com/chakra-core/ChakraCore/commit/6d0f5de1e0331fd6dd4f1ee0c0032430bcb131c3
https://web.archive.org/web/20210125205549/http://www.securityfocus.com/bid/103275
https://web.archive.org/web/20211026192005/http://www.securitytracker.com/id/1040507
https://www.exploit-db.com/exploits/44396
https://www.exploit-db.com/exploits/44396/
https://www.exploit-db.com/exploits/44397
https://www.exploit-db.com/exploits/44397/
http://www.securityfocus.com/bid/103275
http://www.securitytracker.com/id/1040507
CVE-2018-0934 Exploit https://bugs.chromium.org/p/project-zero/issues/detail?id=1503
CVE-2018-0934 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/dos/44397.js
CVE-2018-0934 https://nvd.nist.gov/vuln/detail/CVE-2018-0934
CVE-2018-0934 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934
Data source Exploit-DB
Date added April 3, 2018
Description Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)
Ransomware campaign use Known
Source publication date April 3, 2018
Exploit type dos
Platform windows
Source update date April 4, 2018
Source URL https://bugs.chromium.org/p/project-zero/issues/detail?id=1503
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/chakra-core/ChakraCore/commit/6d0f5de1e0331fd6dd4f1ee0c0032430bcb131c3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-0934
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0934
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20210125205549/http://www.securityfocus.com/bid/103275
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://web.archive.org/web/20211026192005/http://www.securitytracker.com/id/1040507
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/44396
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/44397
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99376
EPSS Score 0.85288
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:37:35.481627+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2018-0934.yml 38.6.0