CVE-2021-24044 is a vulnerability in Facebook Hermes
Published on January 15, 2022
By passing invalid JavaScript code in which await and yield were called in non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on the invalid await/yield positions. This could result in a segmentation fault as a consequence of a type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
Weakness Type
What is an Object Type Confusion Vulnerability?
The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
CVE-2021-24044 has been classified as an Object Type Confusion vulnerability or weakness.
Products Associated with CVE-2021-24044
Affected Versions
Facebook Hermes:
- Versions from 0.10.0 onward are unaffected.
- Versions below 0.10.0 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.