CVE-2020-1914
First published: Thu Oct 08 2020(Updated: )
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Credit: cve-assign@fb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Facebook Hermes | <2020-10-01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-1914?
CVE-2020-1914 is a logic vulnerability in Facebook Hermes that allows attackers to potentially read out of bounds or execute arbitrary code via crafted JavaScript.
What is the severity of CVE-2020-1914?
The severity of CVE-2020-1914 is critical with a score of 9.8.
How does CVE-2020-1914 affect Facebook Hermes?
CVE-2020-1914 affects Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc.
What is the Common Weakness Enumeration (CWE) associated with CVE-2020-1914?
CVE-2020-1914 is associated with CWE-670 and CWE-1119.
Is there a reference for CVE-2020-1914?
Yes, you can find more information about CVE-2020-1914 at the following references: - [GitHub Commit](https://github.com/facebook/hermes/commit/b2021df620824627f5a8c96615edbd1eb7fdddfc) - [Facebook Security Advisories](https://www.facebook.com/security/advisories/cve-2020-1914)
- collector/nvd-index
- vendor/facebook
- canonical/facebook hermes