CVE-2023-23557

An error in Hermes' algorithm for copying object properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
Configurations

Configuration 1

cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

History

26 May 2023, 18:23

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 9.8
CWE | | CWE-843
First Time | | Facebook; Facebook hermes
References | (MISC) https://www.facebook.com/security/advisories/cve-2023-23557 - | (MISC) https://www.facebook.com/security/advisories/cve-2023-23557 - Patch, Vendor Advisory
References | (MISC) https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad - | (MISC) https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad - Patch, Vendor Advisory

Information

Published : 2023-05-18 22:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-23557

Mitre link : CVE-2023-23557

CVE.ORG link : CVE-2023-23557


Products Affected

facebook

  • hermes
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')