ChakraCore information disclosure vulnerability

GHSA-vvvh-5xrm-pxff · CVE-2020-0813

Published May 24, 2022 · Modified Nov 28, 2024

Description

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.The update addresses the vulnerability by changing the way certain functions handle objects in memory., aka 'Scripting Engine Information Disclosure Vulnerability'.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-0813
WEB https://github.com/chakra-core/ChakraCore/pull/6385
WEB https://github.com/chakra-core/ChakraCore/pull/6385/commits/e6abd1d110442e6357351c23a7f882f83e4bbe4d
WEB https://github.com/chakra-core/ChakraCore
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0813

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes