CVE-2020-0813
HIGHChakraCore - Information Disclosure via Memory Handling
Title source: llmDescription
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813
Scores
CVSS v3
7.5
EPSS
0.0920
EPSS Percentile
92.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (3)
microsoft/chakracore
microsoft/edge
nuget/Microsoft.ChakraCore
0 - 1.11.17NuGet
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026