VYPR
← All advisories
High severityNVD Advisory· Published Mar 12, 2020· Updated Aug 4, 2024

CVE-2020-0831

CVE-2020-0831

Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ChakraCore scripting engine memory corruption vulnerability allows remote code execution when processing objects in memory.

Vulnerability

Overview

CVE-2020-0831 is a remote code execution vulnerability in the ChakraCore scripting engine that stems from how it handles objects in memory. This is classified as a memory corruption issue, where improper management of object memory can lead to exploitable conditions [1]. The vulnerability is part of a large batch of similar issues patched in March 2020, distinct from CVEs such as CVE-2020-0768, CVE-2020-0823, and many others [1].

Exploitation

An attacker can exploit this vulnerability by crafting a specially designed web page or document that, when processed by a browser or application using ChakraCore (e.g., Microsoft Edge Legacy or some Electron apps), triggers the memory corruption. No additional privileges beyond normal user interaction are required; the victim simply needs to visit the malicious content [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the current user. This could lead to full compromise of the affected system, including data theft, installation of malware, or further lateral movement within a network [1].

Mitigation

Microsoft addressed this vulnerability as part of its March 2020 security updates. Users should apply the relevant patches provided for Microsoft Edge (Legacy) and ChakraCore. No workarounds were officially published, and the vulnerability is not known to be listed in CISA's KEV catalog as of the last review [1].

References
  1. NVD - CVE-2020-0831

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.ChakraCoreNuGet
< 1.11.171.11.17

Affected products

23
  • ghsa-coords
    pkg:nuget/microsoft.chakracore
    Range: < 1.11.17
  • Microsoft/ChakraCorev5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows Server 2019v5
    Range: unspecified

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.