CVE-2022-40138 Information
Oct 12, 2022
Description
An integer conversion error in Hermes bytecode generation prior to commit 6aa825e480d48127b480b08d13adf70033237097 could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence most React Native applications are not affected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.facebook.com/security/advisories/CVE-2022-40138
https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
CRITICAL