Lucene search
Veracode Vulnerability DatabaseVERACODE:37517HistoryOct 11, 2022 - 4:25 p.m.
Arbitrary Code Execution
2022-10-1116:25:47
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
hermes-engine
arbitrary code execution
integer overflow
codeblock.h
javascript
vulnerability
0.003 Low
EPSS
Percentile
69.9%
hermes-engine is vulnerable to arbitrary code execution. The vulnerability exists due to a write-what-where condition caused by an integer overflow in growAndRehash function of CodeBlock.h which allows an attacker to potentially execute arbitrary code via crafted javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| hermes-engine | le | 0.11.0 | |
| hermes-engine | le | 0.11.0 |
Related
prion
prion
Integer overflow
2022-10-11 02:15:00
cve
cve
CVE-2022-35289
2022-10-11 02:15:08
cvelist
cvelist
CVE-2022-35289
2022-10-11 00:00:00
nvd
nvd
CVE-2022-35289
2022-10-11 02:15:08
osv
osv
CVE-2022-35289
2022-10-11 02:15:08