CVE-2023-23557

CVSS V2 None CVSS V3 None

Description

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Overview

CVE ID
CVE-2023-23557

Assigner
cve-assign@fb.com

Vulnerability Status
Received

Published Version
2023-05-18T22:15:09

Last Modified Date
2023-05-18T22:15:09

Weakness Enumerations

CWE	URL
CWE-843	http://cwe.mitre.org/data/definitions/843.html

References

Reference URL	Reference Tags
https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad
https://www.facebook.com/security/advisories/cve-2023-23557

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-23557
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23557

History

Created	Old Value	New Value	Data Type	Notes
2023-05-18 23:00:51				Added to TrackCVE
2023-05-18 23:00:56			Weakness Enumeration	new