Miggo Logo

CVE-2020-0768: Out-of-bounds write in ChakraCore

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.86747%
Published
8/2/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.171.11.17

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability information describes an out-of-bounds write in ChakraCore (CVE-2020-0768) but does not include specific technical details about the vulnerable code paths, commit diffs, or patched functions. While the CWE-787 classification indicates a memory corruption issue in object handling, Microsoft's advisory and NVD/CVE descriptions lack concrete references to function names, file paths, or implementation details required to identify specific vulnerable functions. Without access to the GitHub patch details, commit history, or ChakraCore source code analysis demonstrating the faulty code location, we cannot confidently map this vulnerability to specific functions with high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t** s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Mi*roso*t *rows*rs, *k* 'S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-****, *V*-****-**

Reasoning

T** provi*** vuln*r**ility in*orm*tion **s*ri**s *n out-o*-*oun*s writ* in ***kr**or* (*V*-****-****) *ut *o*s not in*lu** sp**i*i* t***ni**l **t*ils **out t** vuln*r**l* *o** p*t*s, *ommit *i**s, or p*t**** *un*tions. W*il* t** *W*-*** *l*ssi*i**tio