An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/23xxx/CVE-2023-23556.json",
"cna_assigner": "facebook",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "a6dcafe6ded8e61658b40f5699878cd19a481f80"
}
],
"source": "AFFECTED_FIELD"
}
]
}