CVE-2022-27810

Summary

It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.

Affected Software

VendorProductVersion RangeStatus
FacebookHermes0.12.0 < unspecifiedunaffected
FacebookHermesunspecified < 0.12.0affected

Weaknesses

  • CWE-674: CWE-674: Uncontrolled Recursion

ADP Enrichment

CVE Program Container

Additional References

References