VYPR
← All advisories
High severityNVD Advisory· Published Apr 15, 2020· Updated Aug 4, 2024

CVE-2020-0970

CVE-2020-0970

Description

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in ChakraCore's scripting engine allows remote code execution via crafted objects.

CVE-2020-0970 is a remote code execution vulnerability in the ChakraCore scripting engine, which is the JavaScript engine used in Microsoft Edge (legacy) and as an open-source project. The vulnerability is due to improper handling of objects in memory, leading to memory corruption. [1][2]

To exploit this vulnerability, an attacker would need to host a specially crafted webpage that, when visited in a browser using ChakraCore, triggers the memory corruption. No authentication is required, and the attacker only needs network access to deliver the page. [2]

Successful exploitation allows an attacker to execute arbitrary code in the context of the browser, potentially leading to system compromise. The vulnerability is distinct from other similar issues like CVE-2020-0968. [2]

Microsoft released a security update in April 2020 to address this vulnerability, and the fix was also contributed to the open-source ChakraCore repository via pull request #6420 and commit 892e45ff85ed4e3899371eca950a7fb4810bde37. [1][3][4]

References
  1. ChakraCore Servicing Update for 2020.04B by boingoing · Pull Request #6420 · chakra-core/ChakraCore
  2. NVD - CVE-2020-0970
  3. GitHub - chakra-core/ChakraCore: ChakraCore is an open source Javascript engine with a C API.
  4. [CVE-2020-0970] · chakra-core/ChakraCore@892e45f

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.ChakraCoreNuGet
< 1.11.181.11.18

Affected products

15
  • ghsa-coords
    pkg:nuget/microsoft.chakracore
    Range: < 1.11.18
  • Microsoft/ChakraCorev5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows Server 2019v5
    Range: unspecified

Patches

1
892e45ff85ed

[CVE-2020-0970]

https://github.com/chakra-core/ChakraCorePaul LeathersFeb 26, 2020via ghsa
commit
1 file changed · +10 0
  • lib/Runtime/Types/PathTypeHandler.cpp+10 0 modified
    @@ -2013,6 +2013,16 @@ namespace Js
                 {
                     newSetters = this->UpdateSetterSlots(recycler, oldSetters, oldPathSize, newTypePath->GetPathSize());
                 }
+
+#if ENABLE_FIXED_FIELDS
+#ifdef SUPPORT_FIXED_FIELDS_ON_PATH_TYPES
+                if (PathTypeHandlerBase::FixPropsOnPathTypes())
+                {
+                    Assert(this->HasSingletonInstanceOnlyIfNeeded());
+                    this->GetTypePath()->ClearSingletonInstanceIfSame(instance);
+                }
+#endif
+#endif
             }
             else if (growing)
             {

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

5

News mentions

0

No linked articles in our index yet.