CVE-2023-24832

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-24832
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24832.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-24832
Published
2023-05-18T22:15:09Z
Modified
2025-01-21T23:47:06.935921Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

References

Affected packages

Git / github.com/facebook/hermes

Affected ranges

Type
GIT
Repo
https://github.com/facebook/hermes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

hermes-2022-04-28-RNv0.*

hermes-2022-04-28-RNv0.69.0-15d07c2edd29a4ea0b8f15ab0588a0c1adb1200f

hermes-2022-07-15-RNv0.*

hermes-2022-07-15-RNv0.70.0-88dd5731a19ab6b38b0a0a2d4386ba959f2a2c98

hermes-2022-11-03-RNv0.*

hermes-2022-11-03-RNv0.71.0-85613e1f9d1216f2cce7e54604be46057092939d

v0.*

v0.1.0
v0.1.1
v0.10.0
v0.11.0
v0.12.0
v0.2.1
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0