Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2021-24045

High

9.8/10

Summary

A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

References

Advisory
Advisory

Advisory Timeline

Published Dec 13, 2021

Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2021-24045

Summary

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS