CVE-2020-0832
Out-of-bounds write in ChakraCore
7.5
HIGH
CVSS 3.1
EPSS 3.3%
Description
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.
How to fix CVE-2020-0832
To remediate CVE-2020-0832, upgrade the affected package to a fixed version below.
- —upgrade to 1.11.17 or later
Is CVE-2020-0832 being exploited?
Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.11.17
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |