Infinite Recursion in Hermes (0.11) devmode only
CVE-2022-27810 Published on October 6, 2022
It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.
Weakness Type
What is a Stack Exhaustion Vulnerability?
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
CVE-2022-27810 has been classified to as a Stack Exhaustion vulnerability or weakness.
Products Associated with CVE-2022-27810
Want to know whenever a new CVE is published for Facebook Hermes? stack.watch will email you.
Affected Versions
Facebook Hermes:- Version 0.12.0 and below unspecified is unaffected.
- Version unspecified and below 0.12.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.