Vulnerabilities > Facebook > Hermes > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2023-30470 Use After Free vulnerability in Facebook Hermes
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution.
network
low complexity
facebook CWE-416
critical
 9.8
9.8
2023-05-18 CVE-2023-28081 Use After Free vulnerability in Facebook Hermes
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload.
network
low complexity
facebook CWE-416
critical
 9.8
9.8
2023-05-18 CVE-2023-25933 Type Confusion vulnerability in Facebook Hermes
A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript.
network
low complexity
facebook CWE-843
critical
 9.8
9.8
2023-05-18 CVE-2023-23557 Type Confusion vulnerability in Facebook Hermes
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion.
network
low complexity
facebook CWE-843
critical
 9.8
9.8
2023-05-18 CVE-2023-23556 Out-of-bounds Write vulnerability in Facebook Hermes
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write.
network
low complexity
facebook CWE-787
critical
 9.8
9.8
2022-10-11 CVE-2022-40138 Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code.
network
low complexity
facebook CWE-681
critical
 9.8
9.8
2022-10-11 CVE-2022-35289 Integer Overflow or Wraparound vulnerability in Facebook Hermes
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-190
critical
 9.8
9.8
2022-10-11 CVE-2022-32234 Out-of-bounds Write vulnerability in Facebook Hermes
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-787
critical
 9.8
9.8
2022-01-15 CVE-2021-24044 Type Confusion vulnerability in Facebook Hermes
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions.
network
low complexity
facebook CWE-843
critical
 9.8
9.8
2021-12-13 CVE-2021-24045 Type Confusion vulnerability in Facebook Hermes
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0.
network
low complexity
facebook CWE-843
critical
 9.8
9.8