CVE-2020-0813 — Sensitive Information Exposure in Microsoft Chakracore

5 documents5 sources

Severity

7.5HIGHNVD

EPSS

9.2%

top 7.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Chakracore Microsoft Edge ON Windows 10 Version 1709 FOR 32-bit Systems Microsoft Edge ON Windows 10 Version 1709 FOR Arm64-based Systems +14 more

Timeline

PublishedMar 12

Latest updateMay 24

Description

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the userâ€™s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages17 packages

▶CVEListV5microsoft/chakracoreunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_server_2019unspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1709_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1803_for_32-bit_systemsunspecified

▶CVEListV5microsoft/microsoft_edge_on_windows_10_version_1809_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

ChakraCore information disclosure vulnerability↗2022-05-24

▶

GHSA

ChakraCore information disclosure vulnerability↗2022-05-24

▶

CVEList

CVE-2020-0813: An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with infor↗2020-03-12

▶

📋Vendor Advisories

Microsoft

Scripting Engine Information Disclosure Vulnerability↗2020-03-10

▶