Hermes-engine is vulnerable to Denial of Service. The vulnerability exists due to the function parseArrowFunctionExpression
in JSParserImpl.cpp
, where an infinite recursion condition in the error handler allows an attacker to execute maliciously formed JavaScript causing an application crash.