CVE-2020-0830

HIGH7.5EPSS 8.2%

Out-of-bounds write in ChakraCore

Published: 7/28/2021Modified: 11/8/2023

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

Affected packages (1)

NuGet/Microsoft.ChakraCorefrom 0, < 1.11.17

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-0830
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0830