An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
[ { "source": "https://github.com/facebook/hermes/commit/2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6", "signature_version": "v1", "target": { "file": "lib/VM/Interpreter.cpp" }, "digest": { "line_hashes": [ "269855236786415552897600691540973001776", "177911722898958163395498130285053245701", "323305219191426086056088233757066307798", "39448789090986036212948688995972952205", "157409732076311284422209343788055103811" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2020-1913-2a7576a5" } ]