CVE-2020-0832: Out-of-bounds write in ChakraCore
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.84628%
CWE
Published
7/28/2021
Updated
2/1/2023
KEV Status
No
Technology
C#
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
Microsoft.ChakraCore | nuget | < 1.11.17 | 1.11.17 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information lacks concrete technical details such as commit diffs, patch descriptions, or specific code references. While the CWE-787 (Out-of-bounds Write) suggests potential issues in memory operations (e.g., array handling, JIT compiler optimizations, or object property management), the absence of explicit function names, file paths, or code snippets in the advisory sources prevents high-confidence identification of specific vulnerable functions. ChakraCore
's JIT compiler and runtime array operations are common candidates for such vulnerabilities, but without direct evidence from patches or technical write-ups, no functions can be definitively pinpointed.