Denial of Service Vulnerability in Facebook Hermes JavaScript Interpreter
CVE-2020-1915

7.5HIGH

Key Information:

Vendor: Facebook
Status: Hermes
Vendor: CVE Published:; 26 October 2020

What is CVE-2020-1915?

An out-of-bounds read flaw in the JavaScript Interpreter of Facebook Hermes enables attackers to potentially induce a denial of service or cause further memory corruption through specially crafted JavaScript. This vulnerability can only be exploited if the host application allows the execution of untrusted JavaScript, which limits its impact on typical React Native applications.

Affected Version(s)

Hermes commit prior to 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0

References

https://www.facebook.com/security/advisories/cve-2020-1915

x_refsource_CONFIRM

https://github.com/facebook/hermes/commit/8cb935cd3b2321c...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 26, 2020
Vulnerability Reserved
Dec 2, 2019