CVE-2023-30470

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-30470

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30470.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-30470

Published

2023-05-18T22:15:09.930Z

Modified

2025-11-20T12:17:28.368817Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

References

Affected packages

Git / github.com/facebook/hermes

Affected ranges

Type: GIT
Repo: https://github.com/facebook/hermes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

da8990f737ebb9d9810633502f65ed462b819c09

Affected versions

hermes-2022-04-28-RNv0.*

hermes-2022-04-28-RNv0.69.0-15d07c2edd29a4ea0b8f15ab0588a0c1adb1200f

hermes-2022-07-15-RNv0.*

hermes-2022-07-15-RNv0.70.0-88dd5731a19ab6b38b0a0a2d4386ba959f2a2c98

hermes-2022-11-03-RNv0.*

hermes-2022-11-03-RNv0.71.0-85613e1f9d1216f2cce7e54604be46057092939d

hermes-2023-03-20-RNv0.*

hermes-2023-03-20-RNv0.72.0-49794cfc7c81fb8f69fd60c3bbf85a7480cc5a77

v0.*

v0.1.0

v0.1.1

v0.10.0

v0.11.0

v0.12.0

v0.2.1

v0.3.0

v0.4.0

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-30470-4483a6cb",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09",
        "target": {
            "file": "lib/Optimizer/Scalar/SimpleCallGraphProvider.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "203176909997097263901871922927750748673",
                "100058039777269157892465408992714750004",
                "321956038138121144478942622085642234851",
                "65214715864073474023840349335783664003"
            ]
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-30470-add0479c",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/facebook/hermes/commit/da8990f737ebb9d9810633502f65ed462b819c09",
        "target": {
            "function": "identifyCallsites",
            "file": "lib/Optimizer/Scalar/SimpleCallGraphProvider.cpp"
        },
        "digest": {
            "length": 555.0,
            "function_hash": "186961203542518004325415249558059953391"
        },
        "signature_type": "Function"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30470.json"