CVE-2022-40138
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-40138
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40138.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-40138
- Published
- 2022-10-11T02:15:08.857Z
- Modified
- 2025-11-20T12:08:08.311668Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
- References
Affected packages
Git / github.com/facebook/hermes
Affected ranges
- Type
- GIT
- Repo
- https://github.com/facebook/hermes
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
hermes-2022-04-28-RNv0.*
hermes-2022-04-28-RNv0.69.0-15d07c2edd29a4ea0b8f15ab0588a0c1adb1200f
hermes-2022-07-15-RNv0.*
hermes-2022-07-15-RNv0.70.0-88dd5731a19ab6b38b0a0a2d4386ba959f2a2c98
v0.*
v0.1.0
v0.1.1
v0.10.0
v0.11.0
v0.12.0
v0.2.1
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.7.0
v0.8.0
v0.9.0
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"id": "CVE-2022-40138-0348bcbe",
"digest": {
"threshold": 0.9,
"line_hashes": [
"109040570191197991076369987918262582825",
"164556655972489069363063824625173950955",
"230593780867937907928436236782689465865",
"5610914142668702803587678001644238928",
"147472889918508283493365572134697595879"
]
},
"deprecated": false,
"target": {
"file": "lib/BCGen/HBC/BytecodeProviderFromSrc.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-1bbc5122",
"digest": {
"threshold": 0.9,
"line_hashes": [
"177986846757828897151266232416891475099",
"165276106284461463259418693991003280030",
"173527877970893629646407805979145089361",
"330806161029629227855053558735301942800",
"318228985021961471335619488105928295372",
"130240084558345005032344494172514735815"
]
},
"deprecated": false,
"target": {
"file": "lib/BCGen/HBC/HBC.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-1e4efc6d",
"digest": {
"function_hash": "276922165782153138565153698299541312109",
"length": 1259.0
},
"deprecated": false,
"target": {
"function": "GeneratorInnerFunction::callInnerFunction",
"file": "lib/VM/Callable.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-23b350ed",
"digest": {
"threshold": 0.9,
"line_hashes": [
"172308198671009789602311631276962548322",
"288105303434165814642589339539862954815",
"112792274142038328150754087983865043300",
"197536067167828602864483747874816887874",
"251974614315121897420818224827243847579",
"292560421453790901137139441017451864415",
"281818609005795452319877832870918890813",
"89961130754328965917479546120623561821",
"272527235718729063376655972558819406624",
"88813686945707192271189701868070243572",
"1524493388551635211388787120840805029",
"89961130754328965917479546120623561821"
]
},
"deprecated": false,
"target": {
"file": "lib/VM/Interpreter.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-28073565",
"digest": {
"function_hash": "284421882848216871300904537457838816326",
"length": 263.0
},
"deprecated": false,
"target": {
"function": "BytecodeModuleGenerator::setFunctionGenerator",
"file": "lib/BCGen/HBC/BytecodeGenerator.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-296391ec",
"digest": {
"threshold": 0.9,
"line_hashes": [
"224041051022140011980844435182104370591",
"74154316283900861918324226487026260463",
"58969850251692542765688961342626730625",
"97195817640859463656168702191181017032",
"122759079224024053994699197664363043791",
"244035622070164521550678395047994305908",
"152326773147911658327742615038197617516",
"200820909643464474296510257919410509325",
"72649453931968897335369935595082680092",
"68737212950829228965118846429114751432",
"80393473206495331473285599657168037787",
"221585545804880219046314413059726326833",
"169621306478061709513074097585281739837",
"102897012949894881455402297694720871615",
"108288265973084716257379380396154308923",
"264649516755927121568816305397988104624",
"13333770798790497713047626859527944732"
]
},
"deprecated": false,
"target": {
"file": "include/hermes/VM/CodeBlock.h"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-34c94065",
"digest": {
"function_hash": "42919287169842289427444719762176029308",
"length": 70603.0
},
"deprecated": false,
"target": {
"function": "Interpreter::interpretFunction",
"file": "lib/VM/Interpreter.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-495963bc",
"digest": {
"function_hash": "136021029353350318104237030226936456169",
"length": 729.0
},
"deprecated": false,
"target": {
"function": "CodeBlock::lazyCompileImpl",
"file": "lib/VM/CodeBlock.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-57cbdc76",
"digest": {
"threshold": 0.9,
"line_hashes": [
"286059272914560848153279810026967329607",
"313503593395150492783138202406695087163",
"268527227546736335940005369132578409361",
"10681701517370169285311067589952863810",
"207680673462704311383910673465994053190",
"334994747717875822547472873937117169517",
"214450699909662043703615854424007751778",
"75842991831857106875563157720637761945",
"169176710559790842805996253235401936475",
"261048862585129958401785466026154773447",
"277522923377408644767857371469842620248",
"208671487049646259463604108599038528999",
"245767641466716864390920119215757876757"
]
},
"deprecated": false,
"target": {
"file": "include/hermes/BCGen/HBC/BytecodeInstructionGenerator.h"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-68dac985",
"digest": {
"threshold": 0.9,
"line_hashes": [
"47179398650857850274761738698419713614",
"302993059343395265571319227067453084575",
"190967980928263892376012312324689977087",
"254734819648733905739175427187099222138"
]
},
"deprecated": false,
"target": {
"file": "lib/VM/Operations.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-6fef8f2d",
"digest": {
"function_hash": "151696424966511045310990692657893780534",
"length": 463.0
},
"deprecated": false,
"target": {
"function": "generateBytecodeForExecution",
"file": "lib/CompilerDriver/CompilerDriver.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-753f2698",
"digest": {
"threshold": 0.9,
"line_hashes": [
"329396822213583019547318458030264757073",
"328800755624456630145226755919667366461",
"255206591949859527696898640187895768411",
"158625960907771324677305486233953005276"
]
},
"deprecated": false,
"target": {
"file": "lib/VM/Debugger/Debugger.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-76cfb833",
"digest": {
"function_hash": "186421180445296576994207689913453567852",
"length": 94.0
},
"deprecated": false,
"target": {
"function": "lazyCompile",
"file": "include/hermes/VM/CodeBlock.h"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-79aec8cb",
"digest": {
"function_hash": "65894936905143985013485203958573717905",
"length": 3602.0
},
"deprecated": false,
"target": {
"function": "hbc::generateBytecodeModule",
"file": "lib/BCGen/HBC/HBC.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-7a1b58bd",
"digest": {
"function_hash": "207853241475892092448739501443678912575",
"length": 3466.0
},
"deprecated": false,
"target": {
"function": "Debugger::resolveBreakpointLocation",
"file": "lib/VM/Debugger/Debugger.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-8850c889",
"digest": {
"threshold": 0.9,
"line_hashes": [
"325599552597374083102253973188559760498",
"296723836152882679322082447109558218447",
"222891135159751362683559725133442217604",
"325158781925747792412583124230594606036"
]
},
"deprecated": false,
"target": {
"file": "lib/BCGen/HBC/BytecodeGenerator.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-8afaa917",
"digest": {
"threshold": 0.9,
"line_hashes": [
"23688314215085065093097003070283681374",
"180748057353742504277303370666007433284",
"158704744465175134434506523659356166800",
"242503960745564856306690159311551362443"
]
},
"deprecated": false,
"target": {
"file": "lib/BCGen/HBC/ISel.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-97021a3b",
"digest": {
"function_hash": "236963540192902686444993138395669656229",
"length": 767.0
},
"deprecated": false,
"target": {
"function": "generateBytecodeForSerialization",
"file": "lib/CompilerDriver/CompilerDriver.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-9c9c38d7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"16709228401516185310148848365739460927",
"116158801660139604692735610657397396158",
"110794908186404797887680506848706481065",
"285817841500033480786378728226395487117",
"82804566509164025859903428880418517098",
"254502434830583909811241555570610809762",
"44468578218408686296856120187458648110",
"180509026564342261976209660968230791719"
]
},
"deprecated": false,
"target": {
"file": "lib/CompilerDriver/CompilerDriver.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-a92341c6",
"digest": {
"function_hash": "46820172464189392083614864668918483624",
"length": 596.0
},
"deprecated": false,
"target": {
"function": "HBCISel::generateHBCResolveEnvironment",
"file": "lib/BCGen/HBC/ISel.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-afa6321c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"148628202593860488354181186415095189819",
"72782063303472178432401676116961727782",
"295960150305130315466273942382592996057",
"58773084106627039766097850220059480991"
]
},
"deprecated": false,
"target": {
"file": "lib/VM/Callable.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-b694fad0",
"digest": {
"threshold": 0.9,
"line_hashes": [
"132507747974696221210239352435270545154",
"198815753336075751108085445661948055746",
"16571394201977575874524495374790753648",
"295416701176895437657836160462941814883"
]
},
"deprecated": false,
"target": {
"file": "include/hermes/CompilerDriver/CompilerDriver.h"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-b8089ce9",
"digest": {
"function_hash": "339833089807665175470117098989695969595",
"length": 30.0
},
"deprecated": false,
"target": {
"function": "lazyCompile",
"file": "include/hermes/VM/CodeBlock.h"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-c2071604",
"digest": {
"function_hash": "255046955704215187253009952639791480753",
"length": 807.0
},
"deprecated": false,
"target": {
"function": "Runtime::interpretFunctionImpl",
"file": "lib/VM/Interpreter.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-d338b2f9",
"digest": {
"threshold": 0.9,
"line_hashes": [
"186677008674716116024915374217691607091",
"110188433068046304501020336823700721278",
"73762417430261034317398797997471998486",
"56352463179888043134488501221269837342",
"195346441894042928885081751621812728927",
"120557558760063894925059329314415018343",
"109983636321723042365378868295877481213",
"316676344379322910283249365723709846031",
"295817885590550332282685160196224633807",
"189993605697947720970388887224354350723",
"128941691259687948630442141328799654823",
"310116009574702603779755442127141702877",
"333751186498466498259424342926545798179",
"40830006437262451489917834164523307513",
"105526993424484012952633894895329282876",
"72172732619971238923947722907900025383",
"69977501870974280516517397626030318891",
"135622217115272105051472664466112184928"
]
},
"deprecated": false,
"target": {
"file": "lib/VM/CodeBlock.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-dd246d86",
"digest": {
"function_hash": "28988118217514407097866512500786602067",
"length": 501.0
},
"deprecated": false,
"target": {
"function": "hbc::generateBytecode",
"file": "lib/BCGen/HBC/HBC.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
},
{
"signature_version": "v1",
"id": "CVE-2022-40138-ff550e83",
"digest": {
"function_hash": "212934140590584767295620772972411555649",
"length": 642.0
},
"deprecated": false,
"target": {
"function": "isConstructor",
"file": "lib/VM/Operations.cpp"
},
"source": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
"signature_type": "Function"
}
]