CVE-2020-0830Out-of-bounds Write in Microsoft Chakracore

CWE-787Out-of-bounds Write16 documents5 sources
Severity
7.5HIGHNVD
EPSS
8.2%
top 7.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
31
Microsoft ChakracoreMicrosoft Internet Explorer 11Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR 32-bit Systems+28 more
Timeline
PublishedMar 12
Latest updateAug 2

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages32 packages

NVDmicrosoft/chakracore< 1.11.17
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/internet_explorer_1122 versions+21

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

14
GHSA
Out-of-bounds write in ChakraCore2021-08-02
OSV
Out-of-bounds write in ChakraCore2021-07-28
GHSA
Out-of-bounds write in ChakraCore2021-07-28
GHSA
Out-of-bounds Write in ChakraCore2021-07-28
GHSA
Out-of-bounds write in ChakraCore2021-07-28

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2020-03-10
CVE-2020-0830 — Out-of-bounds Write in Microsoft | cvebase