ASB-A-221384482
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-221384482.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ASB-A-221384482
- Aliases
-
- A-221384482
- CVE-2022-25314
- Published
- 2022-09-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
(from https://nvd.nist.gov/vuln/detail/CVE-2022-25314) In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
In copyString of xmlparse.c, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/external/expat
Package
Ecosystem specific
{
"spl": "2022-09-01",
"vanir_signatures": [
{
"id": "ASB-A-221384482-bc0ed9d9",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/expat/+/e25c84037506951dfe74a5fae1627fe22bc0ebf4",
"target": {
"file": "lib/xmlparse.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"251351171225339159845890553705570564797",
"164918534945545609943095131435131728788",
"21341780531121385281976066736211690096",
"58231789298183371698712259707035082402"
],
"threshold": 0.9
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/e25c84037506951dfe74a5fae1627fe22bc0ebf4"
]
}
Android / platform/external/expat
Package
Ecosystem specific
{
"spl": "2022-09-01",
"vanir_signatures": [
{
"id": "ASB-A-221384482-14bfa805",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/expat/+/72de6c81aa02d48ed86b96d2e29d773086fb7d4c",
"target": {
"file": "lib/xmlparse.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"153767891610917889605003169127446491132",
"44913918909586163993101308885805781242",
"157451433911188244556951417651835841343",
"58231789298183371698712259707035082402"
],
"threshold": 0.9
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/72de6c81aa02d48ed86b96d2e29d773086fb7d4c"
]
}
Android / platform/external/expat
Package
Ecosystem specific
{
"spl": "2022-09-01",
"vanir_signatures": [
{
"id": "ASB-A-221384482-feca0826",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/expat/+/fe3486a743af350becbed5cf10a56195a4a8756f",
"target": {
"file": "lib/xmlparse.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"153767891610917889605003169127446491132",
"44913918909586163993101308885805781242",
"157451433911188244556951417651835841343",
"58231789298183371698712259707035082402"
],
"threshold": 0.9
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/fe3486a743af350becbed5cf10a56195a4a8756f"
]
}
Android / platform/external/expat
Package
Ecosystem specific
{
"spl": "2022-09-01",
"vanir_signatures": [
{
"id": "ASB-A-221384482-7d370f05",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/external/expat/+/16ca7a9401c288814a087b7d5992683eb2d93605",
"target": {
"file": "lib/xmlparse.c"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"153767891610917889605003169127446491132",
"44913918909586163993101308885805781242",
"157451433911188244556951417651835841343",
"58231789298183371698712259707035082402"
],
"threshold": 0.9
}
}
],
"types": [
"EoP"
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/16ca7a9401c288814a087b7d5992683eb2d93605"
]
}