CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097	Patch Third Party Advisory
https://www.facebook.com/security/advisories/CVE-2022-40138	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

History

11 Oct 2022, 19:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:facebook:hermes::::::::
CWE		CWE-681
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Facebook hermes Facebook
References	~~(CONFIRM) https://www.facebook.com/security/advisories/CVE-2022-40138 -~~	(CONFIRM) https://www.facebook.com/security/advisories/CVE-2022-40138 - Vendor Advisory
References	~~(CONFIRM) https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097 -~~	(CONFIRM) https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097 - Patch, Third Party Advisory

11 Oct 2022, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-11 02:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-40138

Mitre link : CVE-2022-40138

CVE.ORG link : CVE-2022-40138

JSON object : View

Products Affected

facebook

hermes

CWE

CWE-681

Incorrect Conversion between Numeric Types

{"id": "CVE-2022-40138", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-10-11T02:15:08.857", "references": [{"url": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097", "tags": ["Patch", "Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://www.facebook.com/security/advisories/CVE-2022-40138", "tags": ["Vendor Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-681"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-681"}]}], "descriptions": [{"lang": "en", "value": "An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."}, {"lang": "es", "value": "Un error de conversi\u00f3n de enteros en la generaci\u00f3n de bytecode de Hermes, anterior al commit 6aa825e480d48127b480b08d13adf70033237097, podr\u00eda haber sido usado para llevar a cabo operaciones Fuera de L\u00edmites y posteriormente ejecutar c\u00f3digo arbitrario. Tenga en cuenta que esto s\u00f3lo es explotable en los casos en que Hermes es usado para ejecutar JavaScript no confiable. Por lo tanto, la mayor\u00eda de las aplicaciones React Native no est\u00e1n afectadas"}], "lastModified": "2022-10-11T19:10:52.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "451DE6BE-B59A-48A8-BB8D-462144D9BBBB", "versionEndExcluding": "2022-09-27"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}