An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript; hence, most React Native applications are not affected. The JSON array below lists the function-level and line-level signatures for CVE-2020-1912, each of which names that commit as its source.
[
{
"signature_type": "Function",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/IRGen/ESTreeIRGen.cpp",
"function": "ESTreeIRGen::doLazyFunction"
},
"id": "CVE-2020-1912-1a248a41",
"digest": {
"function_hash": "166117337606691127376896012638914962402",
"length": 1127.0
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/BCGen/HBC/BytecodeGenerator.cpp",
"function": "BytecodeModuleGenerator::generate"
},
"id": "CVE-2020-1912-23e65117",
"digest": {
"function_hash": "141433903422062908392870224668616591625",
"length": 3223.0
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/IRGen/ESTreeIRGen-func.cpp"
},
"id": "CVE-2020-1912-4ec2a93e",
"digest": {
"threshold": 0.9,
"line_hashes": [
"68947359869273260695952235856958639047",
"310262731518963030849177473901907694982",
"43655176662467176673572812232337830164",
"251975857109927295130916986511114831995",
"267392027748459512215805486003428925381",
"14869591982245817008383418568817739486",
"25011000255393205312587106221272530406",
"76617029384894588801177634287181038274",
"302810129154842953319122505398617295679",
"290781533802588139012893337737251953884",
"309741251300914982749835247732214238943",
"304745648669413726604737901917541719575",
"197290495346865817946198223729531450493",
"164628642321663572232346492589147618151"
]
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "include/hermes/IRGen/IRGen.h"
},
"id": "CVE-2020-1912-6fcf5aaf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"118449173113696205520853759435422956610",
"232680986558581044059541722654142378307",
"336810655257276162490605970511824891267"
]
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/IRGen/ESTreeIRGen.cpp"
},
"id": "CVE-2020-1912-93509744",
"digest": {
"threshold": 0.9,
"line_hashes": [
"19906978767362067285113684163218152133",
"175595626256065738182228936290520385548",
"12935631989303753987380467402787289329",
"148815064741235597976782175301514007803"
]
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/IRGen/ESTreeIRGen-func.cpp",
"function": "ESTreeIRGen::genES5Function"
},
"id": "CVE-2020-1912-a6c1d01d",
"digest": {
"function_hash": "15381551074468224391172303248986894624",
"length": 2298.0
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "include/hermes/IR/IR.h"
},
"id": "CVE-2020-1912-c538ddc8",
"digest": {
"threshold": 0.9,
"line_hashes": [
"10876135637255643184975339061925308991",
"322220919901056191015063488949676221856",
"303417822709648059539571908123264092948",
"203289460270659300369657686157979660466"
]
},
"signature_version": "v1"
},
{
"signature_type": "Line",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/BCGen/HBC/BytecodeGenerator.cpp"
},
"id": "CVE-2020-1912-cd3bb58f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127463815399244171356330020060141584602",
"205336833909874881979775941571286102428",
"244584719445244937694542144971470351922",
"162851663397290344814180789619227158406"
]
},
"signature_version": "v1"
},
{
"signature_type": "Function",
"source": "https://github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168",
"deprecated": false,
"target": {
"file": "lib/IRGen/ESTreeIRGen-func.cpp",
"function": "ESTreeIRGen::genGeneratorFunction"
},
"id": "CVE-2020-1912-d7df1ce0",
"digest": {
"function_hash": "38774911459647130156213830716821810632",
"length": 840.0
},
"signature_version": "v1"
}
]