Publish CVE-2022-40138

2025-07-30 18:04:30 +00:00 · 2022-10-10 18:30:27 -07:00 · 2022-10-10 18:30:27 -07:00 · 427a38d36f
commit 427a38d36f
parent 718ccff25b
1 changed files with 57 additions and 6 deletions
--- a/2022/40xxx/CVE-2022-40138.json
+++ b/2022/40xxx/CVE-2022-40138.json
@ -1,17 +1,68 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "cve-assign@fb.com",
+        "DATE_ASSIGNED": "2022-09-06",
        "ID": "CVE-2022-40138",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Facebook",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Hermes",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "commit prior to 6aa825e480d48127b480b08d13adf70033237097"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-681: Incorrect Conversion between Numeric Types"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097",
+                "url": "https://github.com/facebook/hermes/commit/6aa825e480d48127b480b08d13adf70033237097"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://www.facebook.com/security/advisories/CVE-2022-40138",
+                "url": "https://www.facebook.com/security/advisories/CVE-2022-40138"
            }
        ]
    }