9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-1914

GHSA ID

GHSA-327c-qx3v-h673

EPSS Score

0.73865%

CWE

CWE-670

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-1914

CVE-2020-1914: Always-Incorrect Control Flow Implementation in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

(GitHub Advisory)

9.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-1914

GHSA ID

GHSA-327c-qx3v-h673

EPSS Score

0.73865%

CWE

CWE-670

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
hermes-engine	npm	<= 0.7.1	0.7.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper instruction pointer handling in the interpreter loop for SaveGeneratorLong. The pre-patch code used a shared code path (doSaveGen) that set 'ip = NEXTINST(SaveGenerator)' regardless of whether the original instruction was SaveGenerator or SaveGeneratorLong. This failed to account for the longer instruction format, causing incorrect IP calculation. The patch specifically addresses this by using NEXTINST with the correct instruction type for each case.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* lo*i* vuln*r**ility w**n **n*lin* t** S*v***n*r*torLon* instru*tion in *****ook **rm*s prior to *ommit **************************************** *llows *tt**k*rs to pot*nti*lly r*** out o* *oun*s or t**or*ti**lly *x**ut* *r*itr*ry *o** vi* *r**t** J

Reasoning

T** vuln*r**ility st*mm** *rom improp*r instru*tion point*r **n*lin* in t** int*rpr*t*r loop *or `S*v***n*r*torLon*`. T** pr*-p*t** *o** us** * s**r** *o** p*t* (`*oS*v***n`) t**t s*t 'ip = N*XTINST(`S*v***n*r*tor`)' r***r*l*ss o* w**t**r t** ori*in*

9.8

Basic Information

Concerned about an active attack path?

CVE-2020-1914: Always-Incorrect Control Flow Implementation in Facebook Hermes

9.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI