Home > Vulnerability Database > CVE-2022-32234

Mend.io Vulnerability Database

CVE-2022-32234

Good to know:

Date: October 10, 2022

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Language: C++

Severity Score

9.8

Related Resources (4)

Url: https://github.com/facebook/hermes/commit/06eaec767e376bfdb883d912cb15e987ddf2bda1

Url: https://www.facebook.com/security/advisories/CVE-2022-32234

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-32234

Url: https://www.mend.io/vulnerability-database/CVE-2022-32234

Severity Score

9.8

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Top Fix

Upgrade Version

Upgrade to version v0.12.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-32234

Good to know:

Date: October 10, 2022

Language: C++

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?