9.8 - CVE-2021-24037

Executive Summary

Informations
Name	CVE-2021-24037	First vendor Publication	2021-06-15
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	9.8
Base Score	9.8	Environmental Score	9.8
impact SubScore	5.9	Temporal Score	9.8
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24037

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-416	Use After Free

CPE : Common Platform Enumeration

Type	Description	Count
Application	Facebook Hermes cpe:2.3:a:facebook:hermes:::::::: cpe:2.3:a:facebook:hermes:-:::::::*	2

Sources (Detail)

https://github.com/facebook/hermes/commit/d86e185e485b6330216dee8e854455c694e...
https://www.facebook.com/security/advisories/CVE-2021-24037

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 13:53:33	Multiple Updates
2023-05-27 02:05:32	Multiple Updates
2021-06-24 00:22:49	Multiple Updates
2021-06-16 17:22:48	Multiple Updates
2021-06-16 05:22:52	First insertion