Miggo Logo
Miggo Vulnerability Database
CVE-2020-0832

CVE-2020-0832:
Out-of-bounds write in ChakraCore

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-0832
GHSA ID
GHSA-2qgv-2cv4-g4cg
EPSS Score
0.84628%
CWE
CWE-787
Published
7/28/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyC#

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
Microsoft.ChakraCorenuget< 1.11.171.11.17

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The provided vulnerability information lacks concrete technical details such as commit diffs, patch descriptions, or specific code references. While the CWE-787 (Out-of-bounds Write) suggests potential issues in memory operations (e.g., array handling, JIT compiler optimizations, or object property management), the absence of explicit function names, file paths, or code snippets in the advisory sources prevents high-confidence identification of specific vulnerable functions. ChakraCore's JIT compiler and runtime array operations are common candidates for such vulnerabilities, but without direct evidence from patches or technical write-ups, no functions can be definitively pinpointed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Int*rn*t *xplor*r, *k* 'S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-****, *V*-***

Reasoning

T** provi*** vuln*r**ility in*orm*tion l**ks *on*r*t* t***ni**l **t*ils su** *s *ommit *i**s, p*t** **s*riptions, or sp**i*i* *o** r***r*n**s. W*il* t** *W*-*** (Out-o*-*oun*s Writ*) su***sts pot*nti*l issu*s in m*mory op*r*tions (*.*., *rr*y **n*lin