CVE-2022-40138
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
Un error de conversión de enteros en la generación de bytecode de Hermes, anterior al commit 6aa825e480d48127b480b08d13adf70033237097, podría haber sido usado para llevar a cabo operaciones Fuera de Límites y posteriormente ejecutar código arbitrario. Tenga en cuenta que esto sólo es explotable en los casos en que Hermes es usado para ejecutar JavaScript no confiable. Por lo tanto, la mayoría de las aplicaciones React Native no están afectadas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-06 CVE Reserved
- 2022-10-11 CVE Published
- 2024-05-03 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-681: Incorrect Conversion between Numeric Types
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097 | 2022-10-11 |
| URL | Date | SRC |
|---|---|---|
| https://www.facebook.com/security/advisories/CVE-2022-40138 | 2022-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Facebook Search vendor "Facebook" | Hermes Search vendor "Facebook" for product "Hermes" | < 2022-09-27 Search vendor "Facebook" for product "Hermes" and version " < 2022-09-27" | - |
Affected
| ||||||