Lucene search
+L
FacebookHermes

20 matches found

CVE
CVE
added 2020/10/08 6:50 p.m.121 views

CVE-2020-1914

The CVE-2020-1914 entry describes a logic vulnerability in Facebook Hermes related to the SaveGeneratorLong instruction. Before the commit b2021df620824627f5a8c96615edbd1eb7fdddfc, attackers could theoretically read out of bounds or execute arbitrary code via crafted JavaScript, but exploitation ...

9.8CVSS9.5AI score0.02515EPSS
CVE
CVE
added 2020/10/26 8:20 p.m.120 views

CVE-2020-1915

CVE-2020-1915 targets Facebook Hermes’ JavaScript Interpreter. A crafted JavaScript input can trigger an out-of-bounds read prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, enabling denial-of-service or possible memory corruption. Exploitation is only relevant if the app using Hermes eva...

7.5CVSS7.5AI score0.01584EPSS
CVE
CVE
added 2021/06/15 10:0 p.m.89 views

CVE-2021-24037

CVE-2021-24037 describes a use-after-free in the Hermes JavaScript engine (prior to commit d86e185e485b6330216dee8e854455c694e3a36e) that could enable arbitrary code execution when untrusted JavaScript is evaluated. Impact is limited to environments using Hermes with untrusted JS; most React Nati...

9.8CVSS9.8AI score0.01795EPSS
CVE
CVE
added 2020/09/04 2:35 a.m.80 views

CVE-2020-1911

CVE-2020-1911 concerns a type confusion in Facebook Hermes when resolving properties of JavaScript objects with specially-crafted prototype chains, prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da. The vulnerability could allow arbitrary code execution if untrusted JavaScript is evaluated...

9.8CVSS9.6AI score0.02003EPSS
CVE
CVE
added 2020/09/09 7:0 p.m.76 views

CVE-2020-1913

The CVE-2020-1913 issue affects Facebook Hermes’ JavaScript interpreter and is caused by an Integer signedness error. A crafted JavaScript payload can cause denial of service or potentially remote code execution if untrusted JS is evaluated by the Hermes runtime. The description notes that most R...

8.1CVSS7.7AI score0.01202EPSS
CVE
CVE
added 2021/02/02 6:50 a.m.74 views

CVE-2020-1896

Facebook Hermes stack overflow in the builtin apply path (before commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2) could allow arbitrary code execution via crafted JavaScript. The vulnerability is exploitable only when the host application evaluates untrusted JavaScript, so most React Native apps ...

9.8CVSS9.8AI score0.02418EPSS
CVE
CVE
added 2020/09/09 6:50 p.m.73 views

CVE-2020-1912

CVE-2020-1912 affects Facebook Hermes, a JavaScript VM used in React Native. The vulnerability is an out-of-bounds read/write when executing lazily compiled inner generator functions, prior to commit 091835377369c8fd5917d9b87acffa721ad2a168. Exploitation requires the application to evaluate untru...

8.1CVSS8.3AI score0.01813EPSS
CVE
CVE
added 2023/05/18 9:24 p.m.71 views

CVE-2023-24832

The CVE-2023-24832 issue is a null pointer dereference in the Hermes JavaScript engine prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708. The vulnerability could crash a Hermes runtime when EnableHermesInternal is set to true and untrusted JavaScript is executed; most React Native apps are...

7.5CVSS7.6AI score0.00723EPSS
CVE
CVE
added 2023/05/18 9:24 p.m.71 views

CVE-2023-24833

CVE-2023-24833 describes a use-after-free in Hermes’ BigIntPrimitive addition. The issue allows an attacker to leak raw data from the Hermes VM heap, but only when untrusted JavaScript is executed by Hermes. Most React Native apps are not affected. The root cause is a use-after-free in the BigInt...

7.5CVSS7.5AI score0.00644EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.70 views

CVE-2022-32234

CVE-2022-32234 concerns Facebook Hermes, a JavaScript engine used by React Native. The vulnerability is an out-of-bounds write when Hermes handles large arrays, before commit 06eaec767e376bfdb883d912cb15e987ddf2bda1, which could allow arbitrary code execution if untrusted JavaScript is evaluated ...

9.8CVSS9.7AI score0.00891EPSS
CVE
CVE
added 2022/01/15 12:35 a.m.68 views

CVE-2021-24044

Facebook Hermes vulnerability CVE-2021-24044 stems from passing invalid JavaScript where await/yield are used on non-async/non-generator getter/setter functions, triggering a type confusion error that can cause a segmentation fault with a low likelihood of RCE. Affected are Hermes versions prior ...

9.8CVSS9.4AI score0.0126EPSS
CVE
CVE
added 2023/05/18 9:26 p.m.64 views

CVE-2023-28081

CVE-2023-28081 involves a bytecode optimization bug in the Hermes JavaScript engine (used by React Native). The flaw, present in Hermes builds prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81, can cause a use-after-free and enable arbitrary code execution via a carefully crafted payload. ...

9.8CVSS9.6AI score0.00891EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.62 views

CVE-2022-35289

CVE-2022-35289 concerns Facebook Hermes, a JavaScript engine used by React Native. A write-what-where condition caused by an integer overflow can allow arbitrary code execution via crafted JavaScript, as described by multiple sources. The vulnerability is exploitable only if the application evalu...

9.8CVSS9.6AI score0.00891EPSS
CVE
CVE
added 2022/10/11 12:0 a.m.61 views

CVE-2022-40138

CVE-2022-40138 affects Hermes, the JavaScript engine used by React Native. The issue is an integer conversion error in Hermes bytecode generation (before commit 6aa825e480d48127b480b08d13adf70033237097) that could allow out-of-bounds operations and arbitrary code execution when untrusted JavaScri...

9.8CVSS9.8AI score0.00891EPSS
CVE
CVE
added 2023/05/18 9:27 p.m.61 views

CVE-2023-30470

CVE-2023-30470 concerns the Hermes JavaScript engine used by React Native. A use-after-free caused by unsound inference in the bytecode generation when optimizations are enabled could allow remote code execution if untrusted JavaScript is executed. The issue is tied to Hermes builds prior to comm...

9.8CVSS9.9AI score0.01249EPSS
CVE
CVE
added 2021/12/13 8:30 p.m.60 views

CVE-2021-24045

CVE-2021-24045 affects Facebook Hermes before v0.10.0, a type confusion bug triggered when resolving the typeof unary operator. The vulnerability is exploitable only if the host application evaluates untrusted JavaScript, and most React Native apps are not affected. In affected environments, upgr...

9.8CVSS9.3AI score0.01212EPSS
CVE
CVE
added 2023/05/18 9:16 p.m.56 views

CVE-2023-23556

CVE-2023-23556 affects the Facebook Hermes JavaScript engine. A bug in BigInt conversion to Number exists in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80, allowing a malicious actor to execute arbitrary code via an out-of-bounds write when untrusted JavaScript is executed. The ...

9.8CVSS9.7AI score0.00891EPSS
CVE
CVE
added 2023/05/18 9:24 p.m.56 views

CVE-2023-25933

CVE-2023-25933 concerns the Hermes JavaScript engine in React Native. A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could allow arbitrary code execution via untrusted JavaScript when Hermes processes such code. Most React Native apps are not affected ...

9.8CVSS9.7AI score0.00891EPSS
CVE
CVE
added 2022/10/06 12:0 a.m.55 views

CVE-2022-27810

CVE-2022-27810 affects the Hermes JavaScript engine prior to v0.12.0. The issue causes infinite recursion in the error handler when Hermes encounters certain malicious JavaScript, and is only triggerable in development mode (asserts enabled). Practical impact is a denial of service via a crash. A...

7.5CVSS7.4AI score0.00757EPSS
CVE
CVE
added 2023/05/18 9:19 p.m.54 views

CVE-2023-23557

CVE-2023-23557 affects Facebook Hermes (JavaScript engine used in React Native). The root cause is a type-confusion bug caused by copying object properties prior to commit, enabling an attacker to execute arbitrary code when Hermes runs untrusted JavaScript. The vulnerability is described across ...

9.8CVSS9.6AI score0.00891EPSS