Skip to main content

Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2023-23557

Severity High
Score 9.8/10

Summary

An error in Hermes' algorithm for copying objects properties prior to hermes-2023-03-20-RNv0.72.0-49794cfc7c81fb8f69fd60c3bbf85a7480cc5a77 could be used by a malicious attacker to execute arbitrary code via Type Confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Advisory Timeline

  • Published