PT-2023-20367 · Hermes

Published: 2023-05-18 · Updated: 2025-01-21 · CVE-2023-25933

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

TypedArray versions prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81

Description

A type confusion bug in TypedArray could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. This is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Most React Native applications are not affected.

Recommendations

As a temporary workaround, consider disabling the execution of untrusted JavaScript when using Hermes until a patch is available. Restrict the use of TypedArray to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Type Confusion

Related Identifiers

CVE-2023-25933

Affected Products

Hermes
React Native
TypedArray