Vulnerabilities > Facebook > Hermes > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-18 | CVE-2023-24832 | NULL Pointer Dereference vulnerability in Facebook Hermes A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. | 7.5 |
| 2023-05-18 | CVE-2023-24833 | Use After Free vulnerability in Facebook Hermes A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. | 7.5 |
| 2022-10-06 | CVE-2022-27810 | Uncontrolled Recursion vulnerability in Facebook Hermes It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. | 7.5 |
| 2020-10-26 | CVE-2020-1915 | Out-of-bounds Read vulnerability in Facebook Hermes An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. | 7.5 |
| 2020-09-09 | CVE-2020-1913 | Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. | 8.1 |
| 2020-09-09 | CVE-2020-1912 | Out-of-bounds Write vulnerability in Facebook Hermes An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. | 8.1 |