CVE-2022-32234

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Configurations

Configuration 1 (hide)

cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

History

11 Oct 2022, 19:08

Type Values Removed Values Added
CWE CWE-787
CPE cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*
References (CONFIRM) https://github.com/facebook/hermes/commit/06eaec767e376bfdb883d912cb15e987ddf2bda1 - (CONFIRM) https://github.com/facebook/hermes/commit/06eaec767e376bfdb883d912cb15e987ddf2bda1 - Patch, Third Party Advisory
References (CONFIRM) https://www.facebook.com/security/advisories/CVE-2022-32234 - (CONFIRM) https://www.facebook.com/security/advisories/CVE-2022-32234 - Vendor Advisory
First Time Facebook hermes
Facebook
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

11 Oct 2022, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-10-11 01:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-32234

Mitre link : CVE-2022-32234

CVE.ORG link : CVE-2022-32234


JSON object : View

Products Affected

facebook

  • hermes
CWE
CWE-787

Out-of-bounds Write