A type confusion bug in the Hermes TypedArray implementation, present prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81, could have been used by an attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript; hence, most React Native applications are not affected.
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "function": "inferBinaryBitwise", "file": "lib/Optimizer/Scalar/TypeInference.cpp" }, "signature_type": "Function", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "length": 366.0, "function_hash": "244183288744092653219593119058222456090" }, "id": "CVE-2023-25933-22f1cd0b" }, { "signature_version": "v1", "target": { "file": "include/hermes/VM/HermesValue.h" }, "signature_type": "Line", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "line_hashes": [ "336931968309116850462669742277968446553", "299509394037923709807431212749158629785", "169282125372886596339269684525963608536" ], "threshold": 0.9 }, "id": "CVE-2023-25933-7217635b" }, { "signature_version": "v1", "target": { "function": "inferBinaryInst", "file": "lib/Optimizer/Scalar/TypeInference.cpp" }, "signature_type": "Function", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "length": 2103.0, "function_hash": "86956276143268804146579076321073111345" }, "id": "CVE-2023-25933-74052a61" }, { "signature_version": "v1", "target": { "file": "lib/Optimizer/Scalar/TypeInference.cpp" }, "signature_type": "Line", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "line_hashes": [ "118771179013626882642982892568195606073", "8016861606220775059927620988985092726", "152841409216909217454005860153543372848", "127380054592229484182699249395897055946", "290408447022023195909845287747872405741", "141273481583623850541722735779603879664", "220341937837190503240429377773002327182", "219040827131277169782835594942430270384", "316003812280555226773844676759808078763", "302033363771629961968938231100660686204", 
"247548758421056834761362694635461939921", "80786748400859586168895298212070338494", "297959158944488956617333772347470577108", "267160263947966031850668010691460536075", "316134095356359077953841416625426192454", "28954704525521148933504007404822163670", "334668736518642025213968328535040621921", "107035317872143561999334934937955082440", "312033574171870869931480538620729018056", "177851560174477371319486075165328084045", "322688915307330205259282843384821720355", "39900426471887192767882585494723637938", "46708100742113253573206706171875039313", "154009086421358578437468245997216855438" ], "threshold": 0.9 }, "id": "CVE-2023-25933-74c1794d" }, { "signature_version": "v1", "target": { "function": "typedArrayPrototypeAt", "file": "lib/VM/JSLib/TypedArray.cpp" }, "signature_type": "Function", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "length": 1162.0, "function_hash": "46913985563578523541684126239352316832" }, "id": "CVE-2023-25933-76ef3c68" }, { "signature_version": "v1", "target": { "file": "lib/VM/JSLib/TypedArray.cpp" }, "signature_type": "Line", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "line_hashes": [ "84358595366936656521550073894911001200", "286542122920275780596472527039175233126", "145475748144065922651304348731516691188", "294098942309992616003012710929317852597" ], "threshold": 0.9 }, "id": "CVE-2023-25933-7857f019" }, { "signature_version": "v1", "target": { "function": "inferBinaryArith", "file": "lib/Optimizer/Scalar/TypeInference.cpp" }, "signature_type": "Function", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "length": 615.0, "function_hash": "148250141359981567341427435045414447390" }, "id": "CVE-2023-25933-bd9d8b8e" }, { "signature_version": "v1", "target": { "function": "inferUnaryArith", 
"file": "lib/Optimizer/Scalar/TypeInference.cpp" }, "signature_type": "Function", "source": "https://github.com/facebook/hermes/commit/e6ed9c1a4b02dc219de1648f44cd808a56171b81", "deprecated": false, "digest": { "length": 484.0, "function_hash": "289960701648422593995811240640000896793" }, "id": "CVE-2023-25933-f573dfe2" } ] }