Lucene search

GoogleOSV:CVE-2023-24833

HistoryMay 18, 2023 - 10:15 p.m.

CVE-2023-24833

2023-05-1822:15:09

Google

osv.dev

hermes

bigintprimitive

use-after-free

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

CPENameOperatorVersion
hermeseq0.2.1
hermeseq0.12.0
hermeseq0.5.0
hermeseq0.10.0
hermeseq0.11.0
hermeseq0.1.1
hermeseq0.1.0
hermeseq0.4.0
hermeseq0.7.0
hermeseqhermes-2022-11-03-RNv0.71.0-85613e1f9d1216f2cce7e54604be46057092939d

Name	Operator	Version
hermes	eq	0.2.1
hermes	eq	0.12.0
hermes	eq	0.5.0
hermes	eq	0.10.0
hermes	eq	0.11.0
hermes	eq	0.1.1
hermes	eq	0.1.0
hermes	eq	0.4.0
hermes	eq	0.7.0
hermes	eq	hermes-2022-11-03-RNv0.71.0-85613e1f9d1216f2cce7e54604be46057092939d

Rows per page:

1-10 of 161

References

github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80

www.facebook.com/security/advisories/cve-2023-24833

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.5%

JSON

Related for OSV:CVE-2023-24833