7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-0831

GHSA ID

GHSA-h2xm-2p6w-mj2v

EPSS Score

0.87674%

CWE

CWE-787

Published

7/28/2021

Updated

2/1/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-0831

CVE-2020-0831: Out-of-bounds Write in ChakraCore

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-0831

GHSA ID

GHSA-h2xm-2p6w-mj2v

EPSS Score

0.87674%

CWE

CWE-787

Published

7/28/2021

Updated

2/1/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.ChakraCore	nuget	< 1.11.17	1.11.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information describes an out-of-bounds write in ChakraCore (CVE-2020-0831) but does not include specific code references, GitHub patches, commit diffs, or function names. While the CWE-787 suggests memory corruption due to improper bounds checking, identifying the exact vulnerable functions requires analyzing the patched code or security bulletins detailing the affected code paths. Publicly available sources (NVD, GitHub Advisory) do not disclose technical specifics like function names or file paths. Historical ChakraCore vulnerabilities often involve JIT compiler optimizations or array handling, but without explicit evidence, high-confidence identification is impossible.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** ***kr**or* s*riptin* *n*in* **n*l*s o*j**ts in m*mory, *k* 'S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-****, *V*-****-****, *V

Reasoning

T** provi*** vuln*r**ility in*orm*tion **s*ri**s *n out-o*-*oun*s writ* in ***kr**or* (*V*-****-****) *ut *o*s not in*lu** sp**i*i* *o** r***r*n**s, *it*u* p*t***s, *ommit *i**s, or *un*tion n*m*s. W*il* t** *W*-*** su***sts m*mory *orruption *u* to

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-0831: Out-of-bounds Write in ChakraCore

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI