CVE-2020-1914: 
JavaScript vulnerability analysis and mitigation

A logic vulnerability was discovered in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc that affects the handling of the SaveGeneratorLong instruction. This vulnerability allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Importantly, this vulnerability is only exploitable in cases where Hermes is used to execute untrusted JavaScript, meaning most React Native applications are not affected (NVD).

The vulnerability stems from a logic error in handling the SaveGeneratorLong instruction, where it would accidentally jump to the wrong next instruction based on how long SaveGenerator was. The issue was fixed by creating a callout function to handle the common case and managing the dispatch within each case of the interpreter loop. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow attackers to read out of bounds memory or potentially execute arbitrary code through specially crafted JavaScript. However, the impact is limited to applications that specifically allow the execution of untrusted JavaScript code within the Hermes environment (NVD).

The vulnerability was fixed in commit b2021df620824627f5a8c96615edbd1eb7fdddfc. The fix involves modifying how the SaveGeneratorLong instruction is handled by implementing a proper dispatch mechanism within the interpreter loop. Users should update to a version of Hermes that includes this commit (Github Commit).