CVE-2023-23557 - Vulnerability Details - OpenCVE

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Facebook	Hermes

Configuration 1 [-]

cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad
https://www.facebook.com/security/advisories/cve-2023-23557

History

Tue, 21 Jan 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: facebook

Published: 2023-05-18T21:19:41.668Z

Updated: 2025-01-21T21:20:13.134Z

Reserved: 2023-01-12T23:36:42.921Z

Link: CVE-2023-23557

Vulnrichment

Updated: 2024-08-02T10:35:33.573Z

NVD

Status : Modified

Published: 2023-05-18T22:15:09.540

Modified: 2025-01-21T22:15:09.520

Link: CVE-2023-23557

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23557", "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "state": "PUBLISHED", "assignerShortName": "facebook", "dateReserved": "2023-01-12T23:36:42.921Z", "datePublished": "2023-05-18T21:19:41.668Z", "dateUpdated": "2025-01-21T21:20:13.134Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hermes", "vendor": "Facebook", "versions": [{"lessThan": "a00d237346894c6067a594983be6634f4168c9ad", "status": "affected", "version": "0", "versionType": "git"}]}], "dateAssigned": "2023-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."}], "problemTypes": [{"descriptions": [{"description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", "lang": "en"}]}], "providerMetadata": {"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook", "dateUpdated": "2023-05-18T21:19:41.668Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.facebook.com/security/advisories/cve-2023-23557"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.573Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.facebook.com/security/advisories/cve-2023-23557"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-843", "lang": "en", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T21:19:48.256570Z", "id": "CVE-2023-23557", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T21:20:13.134Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.facebook.com/security/advisories/cve-2023-23557", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T10:35:33.573Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-23557", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-21T21:19:48.256570Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T21:20:07.614Z"}}], "cna": {"affected": [{"vendor": "Facebook", "product": "Hermes", "versions": [{"status": "affected", "version": "0", "lessThan": "a00d237346894c6067a594983be6634f4168c9ad", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.facebook.com/security/advisories/cve-2023-23557", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad", "tags": ["x_refsource_MISC"]}], "dateAssigned": "2023-01-12T00:00:00", "descriptions": [{"lang": "en", "value": "An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook", "dateUpdated": "2023-05-18T21:19:41.668Z"}}}, "cveMetadata": {"cveId": "CVE-2023-23557", "state": "PUBLISHED", "dateUpdated": "2025-01-21T21:20:13.134Z", "dateReserved": "2023-01-12T23:36:42.921Z", "assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "datePublished": "2023-05-18T21:19:41.668Z", "assignerShortName": "facebook"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:facebook:hermes:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3F86788-10E5-4DD4-99DA-865FDD9C7FD8", "versionEndExcluding": "2023-01-10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."}], "id": "CVE-2023-23557", "lastModified": "2025-01-21T22:15:09.520", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-18T22:15:09.540", "references": [{"source": "cve-assign@fb.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad"}, {"source": "cve-assign@fb.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2023-23557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/facebook/hermes/commit/a00d237346894c6067a594983be6634f4168c9ad"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2023-23557"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-843"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}