Buffer overflow in Facebook Hermes

CVE-2020-1896

A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially…

Vulnerability class: Buffer Overflow

EPSS: 0.025 (85.8th percentile) — read the EPSS interpretation.

Affected products

Facebook Hermes — versions commit prior to 86543ac47e59c522976b5632b8bf9a2a4583c7d2

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

References

www.facebook.com/security/advisories/cve-2020-1896 (x_refsource_CONFIRM)
github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2 (x_refsource_CONFIRM)