CVE-2020-0768

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-0768

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-0768.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-0768

Aliases

GHSA-pfrg-w49c-8432

Withdrawn

2024-05-08T06:50:31.739579Z

Published

2020-03-12T16:15:14Z

Modified

2023-11-28T17:58:27.355651Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768

Affected packages

Git / github.com/chakra-core/chakracore

Affected ranges

Type: GIT
Repo: https://github.com/chakra-core/chakracore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

428e0474c0cb9423aaa02ea5fb49f1629f97918c

Type: GIT
Repo: https://github.com/microsoft/chakracore
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

428e0474c0cb9423aaa02ea5fb49f1629f97918c

Affected versions

v1.*

v1.10.0

v1.10.1

v1.10.2

v1.11.0

v1.11.1

v1.11.10

v1.11.11

v1.11.12

v1.11.13

v1.11.14

v1.11.15

v1.11.16

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.11.6

v1.11.7

v1.11.8

v1.11.9

v1.2.0.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5