PT-2020-15169 · Facebook · React Native+1

Published

2020-10-26

Updated

2022-05-24

CVE-2020-1915

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Facebook Hermes versions prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0

Description An out-of-bounds read in the JavaScript Interpreter allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. This issue is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Most React Native applications are not affected.

Recommendations For Facebook Hermes versions prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the evaluation of untrusted JavaScript in applications using Hermes to minimize the risk of exploitation.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2020-1915

GHSA-X4CF-6JR3-3QVP

Affected Products

Hermes

React Native

PT-2020-15169 · Facebook · React Native+1

CVE-2020-1915

Weakness Enumeration

Related Identifiers

Affected Products

References · 8