An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
[
{
"defaultStatus": "unaffected",
"product": "Hermes",
"vendor": "Facebook",
"versions": [
{
"lessThan": "a6dcafe6ded8e61658b40f5699878cd19a481f80",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
]