Out-of-bounds Read in Facebook Hermes

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScri…

Vulnerability class: Buffer Overflow

EPSS: 0.011 (78.3th percentile) — read the EPSS interpretation.

Affected products

Facebook Hermes — versions commit prior to 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

www.facebook.com/security/advisories/cve-2020-1915 (x_refsource_CONFIRM)
github.com/facebook/hermes/commit/8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 (x_refsource_CONFIRM)