VDB
CVE-2020-0970
CVE-2020-0970
PUBLISHED
CVSS 7.599999904632568 HIGH
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.
EPSS 38.32% · 97.3th percentile
Risk Scores
CVSS 2.0
7.599999904632568
EPSS Score
38.32%
97.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows Server 2019 | unspecified |
| Microsoft | ChakraCore | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systems | * |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systems | * |
| microsoft | chakracore | 0 |
| microsoft | edge | |
| NuGet | Microsoft.ChakraCore | 0 |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systems | unspecified |
| Microsoft | Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systems | unspecified |
Exploit Intelligence
Timeline
- Apr 15, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Nov 8, 2021 PoC Published
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Apr 19, 2023 EPSS Score
References
- https://portal.msrc.microsoft.com/fr-FR/security-guidance advisory
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0970 url
- https://nvd.nist.gov/vuln/detail/CVE-2020-0970 advisory
- https://github.com/chakra-core/ChakraCore/pull/6420 url
- https://github.com/chakra-core/ChakraCore/commit/892e45ff85ed4e3899371eca950a7fb4810bde37 url
- https://github.com/chakra-core/ChakraCore package