CVE-2023-28081
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-28081
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28081.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-28081
- Published
- 2023-05-18T22:15:09.807Z
- Modified
- 2025-11-15T06:23:45.815736Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
- References
Affected packages
Git / github.com/facebook/hermes
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hermes
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
hermes-2022-04-28-RNv0.*
hermes-2022-04-28-RNv0.69.0-15d07c2edd29a4ea0b8f15ab0588a0c1adb1200f
hermes-2022-07-15-RNv0.*
hermes-2022-07-15-RNv0.70.0-88dd5731a19ab6b38b0a0a2d4386ba959f2a2c98
hermes-2022-11-03-RNv0.*
hermes-2022-11-03-RNv0.71.0-85613e1f9d1216f2cce7e54604be46057092939d
hermes-2023-03-20-RNv0.*
hermes-2023-03-20-RNv0.72.0-49794cfc7c81fb8f69fd60c3bbf85a7480cc5a77
v0.*
v0.1.0
v0.1.1
v0.10.0
v0.11.0
v0.12.0
v0.2.1
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
Database specific
vanir_signatures
[
{
"digest": {
"function_hash": "244183288744092653219593119058222456090",
"length": 366.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-22f1cd0b",
"target": {
"file": "lib/Optimizer/Scalar/TypeInference.cpp",
"function": "inferBinaryBitwise"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"336931968309116850462669742277968446553",
"299509394037923709807431212749158629785",
"169282125372886596339269684525963608536"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-7217635b",
"target": {
"file": "include/hermes/VM/HermesValue.h"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "86956276143268804146579076321073111345",
"length": 2103.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-74052a61",
"target": {
"file": "lib/Optimizer/Scalar/TypeInference.cpp",
"function": "inferBinaryInst"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"118771179013626882642982892568195606073",
"8016861606220775059927620988985092726",
"152841409216909217454005860153543372848",
"127380054592229484182699249395897055946",
"290408447022023195909845287747872405741",
"141273481583623850541722735779603879664",
"220341937837190503240429377773002327182",
"219040827131277169782835594942430270384",
"316003812280555226773844676759808078763",
"302033363771629961968938231100660686204",
"247548758421056834761362694635461939921",
"80786748400859586168895298212070338494",
"297959158944488956617333772347470577108",
"267160263947966031850668010691460536075",
"316134095356359077953841416625426192454",
"28954704525521148933504007404822163670",
"334668736518642025213968328535040621921",
"107035317872143561999334934937955082440",
"312033574171870869931480538620729018056",
"177851560174477371319486075165328084045",
"322688915307330205259282843384821720355",
"39900426471887192767882585494723637938",
"46708100742113253573206706171875039313",
"154009086421358578437468245997216855438"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-74c1794d",
"target": {
"file": "lib/Optimizer/Scalar/TypeInference.cpp"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "46913985563578523541684126239352316832",
"length": 1162.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-76ef3c68",
"target": {
"file": "lib/VM/JSLib/TypedArray.cpp",
"function": "typedArrayPrototypeAt"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"84358595366936656521550073894911001200",
"286542122920275780596472527039175233126",
"145475748144065922651304348731516691188",
"294098942309992616003012710929317852597"
]
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-7857f019",
"target": {
"file": "lib/VM/JSLib/TypedArray.cpp"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "148250141359981567341427435045414447390",
"length": 615.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-bd9d8b8e",
"target": {
"file": "lib/Optimizer/Scalar/TypeInference.cpp",
"function": "inferBinaryArith"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Function"
},
{
"digest": {
"function_hash": "289960701648422593995811240640000896793",
"length": 484.0
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2023-28081-f573dfe2",
"target": {
"file": "lib/Optimizer/Scalar/TypeInference.cpp",
"function": "inferUnaryArith"
},
"source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81",
"signature_type": "Function"
}
]