What is CVE-2020-1914?

CVE-2020-1914 is a vulnerability in Facebook Hermes, classified under Always-Incorrect Control Flow Implementation. Published 2020-10-08.

Is CVE-2020-1914 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Facebook Hermes

CVE-2020-1914

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code vi…

EPSS: 0.014 (80.8th percentile) — read the EPSS interpretation.

Affected products

Facebook Hermes — versions commit prior to b2021df620824627f5a8c96615edbd1eb7fdddfc

Weakness classification (CWE)

CWE-670 — Always-Incorrect Control Flow Implementation

Public proof-of-concept exploits

References

www.facebook.com/security/advisories/cve-2020-1914 (x_refsource_CONFIRM)
github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-1914?: CVE-2020-1914 is a vulnerability in Facebook Hermes, classified under Always-Incorrect Control Flow Implementation. Published 2020-10-08.
Is CVE-2020-1914 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.