An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.

Related CVEs

CVE-2022-40138

Key Information

GHSA ID

GHSA-qg8w-6wvf-6vp6

Published

October 11, 2022 12:00 PM

Last Modified

October 12, 2022 12:00 PM

CVSS Score

9.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.