CVE-2021-24044
N/A
N/A
Summary
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Hermes | 0.10.0 < unspecified | unaffected | |
| Hermes | unspecified < 0.10.0 | affected |
Weaknesses
- CWE-843: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.