8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-1912

GHSA ID

GHSA-pf27-929j-9pmm

EPSS Score

0.81186%

CWE

CWE-125

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-1912

CVE-2020-1912: Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

(GitHub Advisory)

8.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-1912

GHSA ID

GHSA-pf27-929j-9pmm

EPSS Score

0.81186%

CWE

CWE-125

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
hermes-engine	npm	<= 0.4.3	0.5.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of generator inner functions during lazy compilation. The commit adds 'isGeneratorInnerFunction' tracking through LazySource/LazyCompilationData structures. The vulnerable functions are those responsible for: 1) Generating ES5 functions (genES5Function) without properly setting the generator inner function flag, leading to incorrect scope chain resolution. 2) Lazy function restoration (doLazyFunction) that didn't account for generator context. These omissions would cause memory access miscalculations when resolving variables in nested generator functions, enabling OOB read/write through crafted JavaScript.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n out-o*-*oun*s r***/writ* vuln*r**ility w**n *x**utin* l*zily *ompil** inn*r **n*r*tor *un*tions in *****ook **rm*s prior to *ommit **************************************** *llows *tt**k*rs to pot*nti*lly *x**ut* *r*itr*ry *o** vi* *r**t** J*v*S*ri

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* **n*r*tor inn*r *un*tions *urin* l*zy *ompil*tion. T** *ommit ***s 'is**n*r*torInn*r*un*tion' tr**kin* t*rou** `L*zySour**/L*zy*ompil*tion**t*` stru*tur*s. T** vuln*r**l* *un*tions *r* t*os* r*sponsi*

8.1

Basic Information

Concerned about an active attack path?

CVE-2020-1912: Out-of-bounds Read and Out-of-bounds Write in Facebook Hermes

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI