2 matches found
CVE-2023-28081
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...
CVE-2023-25933
CVE-2023-25933 concerns the Hermes JavaScript engine in React Native. A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could allow arbitrary code execution via untrusted JavaScript when Hermes processes such code. Most React Native apps are not affected ...