ASB-A-221256678

Import Source
https://storage.googleapis.com/android-osv-test/ASB-A-221256678.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-221256678
Aliases
Published
2022-09-01T00:00:00Z
Modified
2024-09-19T16:28:21.765427Z
Summary
Vulnerability: external/expat (doProlog)
Details

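In closeString of xmlparse.c, memory corruption is possible due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Note that the summary and every function-level signature in this record name doProlog in lib/xmlparse.c rather than closeString, so the function name in this description may not match the patched code; when checking whether a tree carries the fix, rely on the fix commits and signature targets listed under each affected package.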

References

Affected packages

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-09-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 27763.0,
                "function_hash": "194916051013109020439257286648267021551"
            },
            "id": "ASB-A-221256678-34904c4e",
            "source": "https://android.googlesource.com/platform/external/expat/+/257f1d3777240016d3ccd74a61cd7d0e0efcaae3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "doProlog"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "339326044285764152046173097361304582891",
                    "80189087112477729323498696954329671836",
                    "332728795067340892905178233217556801001",
                    "222029021349265669637245538079790074657",
                    "221317009947586808221619481242038985796",
                    "99349835761178515549295296412854684740",
                    "187269274721543235825387369240793720506",
                    "61317863099045868358128820708933024829",
                    "122050159338687557815072393947045263208",
                    "161136089803808513250300821260233738451",
                    "87078006104052797860574317967163509607",
                    "232327690192941995352027900811732422356",
                    "297867436599823948476812071841674933398",
                    "191058153855019843145782312493874618054",
                    "213207860056129544246399960674346981714",
                    "153277542590348788033796345559096625066",
                    "189143837280181008597514096578596137128",
                    "103054339028902983481167122157516390565",
                    "309889577854558010845876679495858090275",
                    "218126424916799469382031295780882932650"
                ]
            },
            "id": "ASB-A-221256678-8a81a85d",
            "source": "https://android.googlesource.com/platform/external/expat/+/257f1d3777240016d3ccd74a61cd7d0e0efcaae3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/257f1d3777240016d3ccd74a61cd7d0e0efcaae3"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-09-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "339326044285764152046173097361304582891",
                    "37517056343669458741212050199709508032",
                    "35613909015179879119886763859434258788",
                    "184538079924971805284425482750745354605",
                    "37167670863099582326420273828710157536",
                    "128141464681805290033676726535339920132",
                    "146412106355233493138691733981388781214",
                    "218126424916799469382031295780882932650"
                ]
            },
            "id": "ASB-A-221256678-dde4366a",
            "source": "https://android.googlesource.com/platform/external/expat/+/8524cb8b7b377ff6acb1ca51afc7255d02c4170b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 27964.0,
                "function_hash": "250342439851380564132105541905090514381"
            },
            "id": "ASB-A-221256678-e086e3c0",
            "source": "https://android.googlesource.com/platform/external/expat/+/8524cb8b7b377ff6acb1ca51afc7255d02c4170b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "doProlog"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/8524cb8b7b377ff6acb1ca51afc7255d02c4170b"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-09-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "339326044285764152046173097361304582891",
                    "37517056343669458741212050199709508032",
                    "35613909015179879119886763859434258788",
                    "184538079924971805284425482750745354605",
                    "37167670863099582326420273828710157536",
                    "128141464681805290033676726535339920132",
                    "146412106355233493138691733981388781214",
                    "218126424916799469382031295780882932650"
                ]
            },
            "id": "ASB-A-221256678-406c5875",
            "source": "https://android.googlesource.com/platform/external/expat/+/247dff003581d92e089626d8304eb27a53c8f160",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 27964.0,
                "function_hash": "250342439851380564132105541905090514381"
            },
            "id": "ASB-A-221256678-9c24eb51",
            "source": "https://android.googlesource.com/platform/external/expat/+/247dff003581d92e089626d8304eb27a53c8f160",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "doProlog"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/247dff003581d92e089626d8304eb27a53c8f160"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-09-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "339326044285764152046173097361304582891",
                    "37517056343669458741212050199709508032",
                    "35613909015179879119886763859434258788",
                    "184538079924971805284425482750745354605",
                    "37167670863099582326420273828710157536",
                    "128141464681805290033676726535339920132",
                    "146412106355233493138691733981388781214",
                    "218126424916799469382031295780882932650"
                ]
            },
            "id": "ASB-A-221256678-799ae9e9",
            "source": "https://android.googlesource.com/platform/external/expat/+/b7179f2c886badb2158fa5dfcc57c54d201bc677",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 27964.0,
                "function_hash": "250342439851380564132105541905090514381"
            },
            "id": "ASB-A-221256678-9cace653",
            "source": "https://android.googlesource.com/platform/external/expat/+/b7179f2c886badb2158fa5dfcc57c54d201bc677",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "doProlog"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/b7179f2c886badb2158fa5dfcc57c54d201bc677"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}