However, the risk of remote code execution can be mitigated by disabling remote access (e.g., via a firewall) and keeping the revision of the write to a minimum prior to commit. This can be easily verified by comparing the output of pwd before and after the commit. Any change to an out-of-bounds index will lead to a segmentation fault. This is not an issue with the code itself, but with the code review process and the revision control system, which is a result of the complex nature of distributed applications and the way in which they are reviewed. The community has started to adopt tools that assist in the code review process, such as travis-ci and brew. This has improved the quality of the code review process and allowed the community to keep the revision of the out-of-bounds write to a minimum. However, any application using Hermes that handles large arrays should be aware of this potential risk.

Timeline

Published on: 10/11/2022 01:15:00 UTC
Last modified on: 10/11/2022 19:08:00 UTC

References