An error in BigInt-to-Number conversion in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could cause an out-of-bounds write, which an attacker could have used to execute arbitrary code. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
[
{
"digest": {
"line_hashes": [
"116023603249055942204871578289526150818",
"157465235683486666630666541987617012353",
"324844226610994754364777013170485823662",
"305436130329384601449460512141132589680",
"256784880773286649680719239257047737024"
],
"threshold": 0.9
},
"target": {
"file": "lib/VM/Operations.cpp"
},
"signature_type": "Line",
"id": "CVE-2023-23556-145a8f24",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80"
},
{
"digest": {
"length": 281.0,
"function_hash": "182465140115176206595651731294451484989"
},
"target": {
"file": "lib/Support/BigIntSupport.cpp",
"function": "toDouble"
},
"signature_type": "Function",
"id": "CVE-2023-23556-1b1293fa",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80"
},
{
"digest": {
"line_hashes": [
"159108049424863460441355083818936485829",
"160020135003896613308550930136518706150",
"312483450123792388199485599228294266894",
"30932606837278682447139067601811061633"
],
"threshold": 0.9
},
"target": {
"file": "lib/Support/BigIntSupport.cpp"
},
"signature_type": "Line",
"id": "CVE-2023-23556-26f67e81",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80"
},
{
"digest": {
"line_hashes": [
"327584473803952423536992197582374868669",
"7771634333197280731037778234458644585",
"94602761196101625413231949479955562725",
"246489650203966278907648881022758586812",
"181586388229243172966848421284771673939",
"335352610645303177993059854685458401532",
"305482378050391684812655155477165124418",
"5595740571188832623618342286973301592",
"278285489027415498589782065420222616769",
"44085747458836909365017973400137115795"
],
"threshold": 0.9
},
"target": {
"file": "lib/VM/JSLib/Array.cpp"
},
"signature_type": "Line",
"id": "CVE-2023-23556-e833c902",
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80"
}
]