CVE-2023-24833

A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
Configurations

Configuration 1 (hide)

cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

History

26 May 2023, 23:27

Type Values Removed Values Added
References (MISC) https://www.facebook.com/security/advisories/cve-2023-24833 - (MISC) https://www.facebook.com/security/advisories/cve-2023-24833 - Patch, Vendor Advisory
References (MISC) https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80 - (MISC) https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80 - Patch
CWE CWE-416
First Time Facebook
Facebook hermes
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CPE cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

Information

Published : 2023-05-18 22:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-24833

Mitre link : CVE-2023-24833

CVE.ORG link : CVE-2023-24833


JSON object : View

Products Affected

facebook

  • hermes
CWE
CWE-416

Use After Free