CVE-2023-24832

CVSS V2 None CVSS V3 None

Description

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Overview

CVE ID
CVE-2023-24832

Assigner
cve-assign@fb.com

Vulnerability Status
Received

Published Version
2023-05-18T22:15:09

Last Modified Date
2023-05-18T22:15:09

Weakness Enumerations

CWE	URL
CWE-476	http://cwe.mitre.org/data/definitions/476.html

References

Reference URL	Reference Tags
https://github.com/facebook/hermes/commit/5cae9f72975cf0e5a62b27fdd8b01f103e198708
https://www.facebook.com/security/advisories/cve-2023-24832

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-24832
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24832

History

Created	Old Value	New Value	Data Type	Notes
2023-05-18 23:00:58				Added to TrackCVE
2023-05-18 23:01:02			Weakness Enumeration	new