An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
[
{
"id": "CVE-2020-1913-2a7576a5",
"source": "https://github.com/facebook/hermes/commit/2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6",
"digest": {
"line_hashes": [
"269855236786415552897600691540973001776",
"177911722898958163395498130285053245701",
"323305219191426086056088233757066307798",
"39448789090986036212948688995972952205",
"157409732076311284422209343788055103811"
],
"threshold": 0.9
},
"signature_version": "v1",
"target": {
"file": "lib/VM/Interpreter.cpp"
},
"signature_type": "Line",
"deprecated": false
}
]