CVE-2023-23556

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-787
View all →

Vulnerability Description

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Related Vulnerabilities

CVE-2007-0899

CRITICAL
CVSS:9.8(Critical)

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

CWE-7872007

CVE-2010-4344

CRITICAL
CVSS:9.8(Critical)

Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conju...

CWE-7872010

CVE-2011-1180

CRITICAL
CVSS:9.8(Critical)

Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory...

CWE-7872011

CVE-2011-2462

CRITICAL
CVSS:9.8(Critical)

Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute ar...

CWE-7872011

CVE-2011-4372

CRITICAL
CVSS:9.8(Critical)

Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors,...

CWE-7872011