Integer Signedness Error in Facebook Hermes JavaScript Interpreter
CVE-2020-1913

8.1HIGH

Key Information:

Vendor: Facebook
Status: Hermes
Vendor: CVE Published:; 9 September 2020

What is CVE-2020-1913?

An integer signedness error exists in the JavaScript interpreter of Facebook Hermes prior to a specific commit. This vulnerability can lead to denial of service attacks or potentially remote code execution when untrusted JavaScript is evaluated. However, many React Native applications are typically not susceptible, given they often restrict the execution of such untrusted scripts.

Affected Version(s)

Hermes commit prior to 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6

References

https://www.facebook.com/security/advisories/cve-2020-1913

x_refsource_CONFIRM

https://github.com/facebook/hermes/commit/2c7af7ec481ceff...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 9, 2020
Vulnerability Reserved
Dec 2, 2019