What is CVE-2020-1912?

CVE-2020-1912 is a vulnerability in Facebook Hermes, classified under Out-of-bounds Write. Published 2020-09-09.

Is CVE-2020-1912 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Facebook Hermes

CVE-2020-1912

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via craft…

Vulnerability class: Buffer Overflow

EPSS: 0.016 (82.4th percentile) — read the EPSS interpretation.

Affected products

Facebook Hermes — versions commit prior to 091835377369c8fd5917d9b87acffa721ad2a168

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

Public proof-of-concept exploits

References

www.facebook.com/security/advisories/cve-2020-1912 (x_refsource_CONFIRM)
github.com/facebook/hermes/commit/091835377369c8fd5917d9b87acffa721ad2a168 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-1912?: CVE-2020-1912 is a vulnerability in Facebook Hermes, classified under Out-of-bounds Write. Published 2020-09-09.
Is CVE-2020-1912 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.