CRITICAL🇵🇱 Wersja polska

CVE-2023-28081

CVSS 9.8v3.1pub. 2023-05-18upd. 2025-01-21

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Facebook Hermes

    APP
    Facebook
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2023-30470CRITICAL9.8ten sam produkt

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for He...

CVE-2023-23556CRITICAL9.8ten sam produkt

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 cou...

CVE-2023-23557CRITICAL9.8ten sam produkt

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4...

CVE-2023-25933CRITICAL9.8ten sam produkt

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been us...

CVE-2022-32234CRITICAL9.8ten sam produkt

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e98...