CVE-2020-0813
Last modified
CVE-2020-0813 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.. EPSS estimates a 5.33% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Chakracore | All versions |
| Microsoft | Edge | All versions |
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813Patch, Vendor Advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-0813?
How severe is CVE-2020-0813?
How do I fix CVE-2020-0813?
Are you affected by CVE-2020-0813?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST