Vulnerability Details : CVE-2023-30470
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2023-30470
- cpe:2.3:a:facebook:hermes:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-30470
2.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-30470
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-01-21 |
|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2023-30470
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- cve-assign@fb.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2023-30470
-
https://www.facebook.com/security/advisories/cve-2023-30470
CVE-2023-30470Patch;Vendor Advisory
-
https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09
Treat usages of arguments.callee as unknown callsites · facebook/hermes@da8990f · GitHubPatch
Jump to