← voltar
CVE-2023-24833

CVE-2023-24833

CVSS 7.5 HIGHEPSS 0.6%
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 mai 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Produtos afetados
Facebook · Hermes

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/facebook/hermes/commit/a6dcafe6ded8e61658b40f5699878cd19a481f80https://www.facebook.com/security/advisories/cve-2023-24833