Integer Conversion Error in Hermes Leading to Potential Code Execution in React Native
CVE-2022-40138
9.8 CRITICAL
What is CVE-2022-40138?
A vulnerability exists in Hermes due to an integer conversion error in its bytecode generation process. When Hermes executes untrusted JavaScript, this flaw may allow an attacker to perform out-of-bounds operations and execute arbitrary code. Most React Native applications are not affected, because exploitation depends on specific conditions in how Hermes is used.
Affected Version(s)
Hermes < unspecified