CVE-2022-32234

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Hermes versions prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1

Description The issue is related to an out of bounds write in Hermes while handling large arrays, which can potentially allow attackers to execute arbitrary code via crafted JavaScript. This is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Most React Native applications are not affected.

Recommendations For versions prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the evaluation of untrusted JavaScript in applications using Hermes.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2022-06220

CVE-2022-32234

Affected Products

Hermes

CVE-2022-32234

Weakness Enumeration

Related Identifiers

Affected Products

References · 6