CVE-2020-1180: Remote code execution in ChakraCore

CVSS Score: 7.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.82759%
Published: 8/2/2021
Updated: 2/1/2023
KEV Status: No
Technology: C#

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name: Microsoft.ChakraCore
Ecosystem: nuget
Vulnerable Versions: < 1.11.22
First Patched Version: 1.11.22

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided information does not include the specific code changes from the GitHub commit (240aabe) or detailed patch diffs. While the CWE-787 (Out-of-bounds Write) and vulnerability context suggest potential issues in functions handling memory operations (e.g., TypedArray, DataView, or JIT compiler functions), the lack of explicit code or patch details prevents high-confidence identification of the exact vulnerable functions. Publicly available sources like the GitHub PR and NVD descriptions do not disclose the precise functions modified to address CVE-2020-1180.

WAF Protection Rules

WAF Rule

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-****-****, CVE-****-****.
