Out of Bounds Write Vulnerability in Hermes Engine Affecting React Native Applications
CVE-2022-32234
9.8CRITICAL
What is CVE-2022-32234?
The Hermes JavaScript engine has a vulnerability that allows for an out of bounds write when dealing with large arrays. This weakness can be exploited to potentially execute arbitrary code when an application permits the evaluation of untrusted JavaScript. Most React Native applications, however, are typically safe since they do not allow such evaluations. Developers are encouraged to review their implementations and ensure the use of updated versions of Hermes to mitigate the risk.
Affected Version(s)
Hermes < unspecified