7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-0832

GHSA ID

GHSA-2qgv-2cv4-g4cg

EPSS Score

0.84628%

CWE

CWE-787

Published

7/28/2021

Updated

2/1/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-0832

CVE-2020-0832: Out-of-bounds write in ChakraCore

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.

(GitHub Advisory)

7.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-0832

GHSA ID

GHSA-2qgv-2cv4-g4cg

EPSS Score

0.84628%

CWE

CWE-787

Published

7/28/2021

Updated

2/1/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.ChakraCore	nuget	< 1.11.17	1.11.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The provided vulnerability information lacks concrete technical details such as commit diffs, patch descriptions, or specific code references. While the CWE-787 (Out-of-bounds Write) suggests potential issues in memory operations (e.g., array handling, JIT compiler optimizations, or object property management), the absence of explicit function names, file paths, or code snippets in the advisory sources prevents high-confidence identification of specific vulnerable functions. ChakraCore's JIT compiler and runtime array operations are common candidates for such vulnerabilities, but without direct evidence from patches or technical write-ups, no functions can be definitively pinpointed.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in t** w*y t**t t** s*riptin* *n*in* **n*l*s o*j**ts in m*mory in Int*rn*t *xplor*r, *k* 'S*riptin* *n*in* M*mory *orruption Vuln*r**ility'. T*is *V* I* is uniqu* *rom *V*-****-****, *V*-****-****, *V*-***

Reasoning

T** provi*** vuln*r**ility in*orm*tion l**ks *on*r*t* t***ni**l **t*ils su** *s *ommit *i**s, p*t** **s*riptions, or sp**i*i* *o** r***r*n**s. W*il* t** *W*-*** (Out-o*-*oun*s Writ*) su***sts pot*nti*l issu*s in m*mory op*r*tions (*.*., *rr*y **n*lin

7.5

Basic Information

Concerned about an active attack path?

CVE-2020-0832: Out-of-bounds write in ChakraCore

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI