ASB-A-219942275
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-219942275.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-219942275
- Aliases
-
- A-219942275
- CVE-2022-22822
- Published
- 2022-09-01T00:00:00Z
- Modified
- 2025-11-18T16:17:57.446691Z
- Summary
- [none]
- Details
-
In storeAtts of xmlparse.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/external/expat
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-219942275-172765b4",
"target": {
"function": "build_model",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"length": 428.0,
"function_hash": "179976131993151750528125585085579301895"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-1bbe7e88",
"target": {
"function": "addBinding",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"length": 3470.0,
"function_hash": "144607037851536191895429127197354004944"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-62251be2",
"target": {
"function": "storeAtts",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"length": 8685.0,
"function_hash": "80236641310749493488983546933386479997"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-7e875cd6",
"target": {
"function": "defineAttribute",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"length": 1147.0,
"function_hash": "53507312955846466464698618564733633091"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-84579230",
"target": {
"function": "nextScaffoldPart",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"length": 1180.0,
"function_hash": "71810207303697646971319438653387330853"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-84a7d46f",
"target": {
"function": "lookup",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"length": 2156.0,
"function_hash": "108642901590263511653063885036874946323"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-a8f39b40",
"target": {
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
"digest": {
"line_hashes": [
"223799819926058656319836144584163452693",
"285694765022870440959907623190863236245",
"124624278936175411774192493587400394934",
"5527740047189149474868937779060907523",
"207528506396819772716099548982043436018",
"64494957442579479067173847313406264471",
"185998065906355787466352314472966260772",
"93154500618235451685566345696181460043",
"211087526667399075377723518378173384441",
"227722335802688820752452539033408788869",
"287215835525873618889978931929925617892",
"135311281610499616668566237522620803453",
"229351667191596123456867218399513158242",
"181780448495663949899460749671558042549",
"340168848810194959957844508079343424789",
"114642229293748130665258357716488591956",
"42175792180550828494674126970015634366",
"88539272394041331906642501778333521955",
"134092145356801649550239270381674054072",
"130973380815226841209046850804112449038",
"10848183519571471490996467262754922632",
"195323324894612476920484531025145122349",
"289365183606170097292399720670681264771",
"59438059781642515853939429939701878115",
"78323446624387944043628811789596345174",
"142538869860603314192662672694267973585",
"175326988041607017106717838172671630114",
"127482269535855363128682556280168162736",
"206057180390636159222088931299221038447",
"257157183529682335826791755456358150451",
"261570518136910986990966008116145241440",
"21877875250761763351776709881304332805",
"121173072938223458767611727486965265061",
"189390920671744530938051528044356182004",
"244599306446007034311952899952619479101",
"141086976630520953252050422832015308904",
"157429159418352724047969455500551301154",
"52912980116624268126842191977178447493",
"288093603507052066714288040024101552083",
"49125355809116516078567349023687486440",
"140254909788755058986255047935358022022",
"59945357194085835472548739679934699074",
"327654197725855225967403094038594547918",
"50414283785912038896358700672411907049",
"88533279415329437471671070878966509120",
"225808841637412556486800610078055148838",
"195628374370582671298812719389189974861",
"133762674333171622001383136931585174015",
"130096525224016876536526178520947425275",
"186012461785052513837297811230796192709"
],
"threshold": 0.9
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a"
],
"spl": "2022-09-01"
}
Android / platform/external/expat
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-219942275-15be89e3",
"target": {
"function": "storeAtts",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"length": 8685.0,
"function_hash": "80236641310749493488983546933386479997"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-2f08dcc1",
"target": {
"function": "lookup",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"length": 2156.0,
"function_hash": "108642901590263511653063885036874946323"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-6f155105",
"target": {
"function": "addBinding",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"length": 3470.0,
"function_hash": "144607037851536191895429127197354004944"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-76c3dcc3",
"target": {
"function": "build_model",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"length": 428.0,
"function_hash": "179976131993151750528125585085579301895"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-7f15e7eb",
"target": {
"function": "defineAttribute",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"length": 1147.0,
"function_hash": "53507312955846466464698618564733633091"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-ab60e499",
"target": {
"function": "nextScaffoldPart",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"length": 1180.0,
"function_hash": "71810207303697646971319438653387330853"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-d1f3a08b",
"target": {
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
"digest": {
"line_hashes": [
"223799819926058656319836144584163452693",
"285694765022870440959907623190863236245",
"124624278936175411774192493587400394934",
"5527740047189149474868937779060907523",
"207528506396819772716099548982043436018",
"64494957442579479067173847313406264471",
"185998065906355787466352314472966260772",
"93154500618235451685566345696181460043",
"23395259181702376629101269846025809178",
"203874545052483936785971797497744476556",
"327050376575102936830000429655841785546",
"135311281610499616668566237522620803453",
"308414355371498134587000568041602526949",
"333073980410237437756842058150512999863",
"99404388748626481065000561953632897220",
"114642229293748130665258357716488591956",
"42175792180550828494674126970015634366",
"88539272394041331906642501778333521955",
"134092145356801649550239270381674054072",
"130973380815226841209046850804112449038",
"10848183519571471490996467262754922632",
"195323324894612476920484531025145122349",
"289365183606170097292399720670681264771",
"48395394706863834050321886629054441195",
"78323446624387944043628811789596345174",
"142538869860603314192662672694267973585",
"205507834500794947628470265847326052081",
"84524653045140711188240093439392617108",
"215015690880889517476756286454261892829",
"105466941644625063994769240130645816043",
"313802660918175977502601550073561827351",
"66662981884611705583149282912468184287",
"41520815539834275642782226874305203845",
"189390920671744530938051528044356182004",
"244599306446007034311952899952619479101",
"141086976630520953252050422832015308904",
"157429159418352724047969455500551301154",
"52912980116624268126842191977178447493",
"288093603507052066714288040024101552083",
"49125355809116516078567349023687486440",
"140254909788755058986255047935358022022",
"59945357194085835472548739679934699074",
"18043944618647772873859678615861009522",
"50414283785912038896358700672411907049",
"88533279415329437471671070878966509120",
"225808841637412556486800610078055148838",
"195628374370582671298812719389189974861",
"133762674333171622001383136931585174015",
"130096525224016876536526178520947425275",
"186012461785052513837297811230796192709"
],
"threshold": 0.9
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd"
],
"spl": "2022-09-01"
}
Android / platform/external/expat
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-219942275-0e6b5a82",
"target": {
"function": "addBinding",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"length": 3470.0,
"function_hash": "144607037851536191895429127197354004944"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-16ab8126",
"target": {
"function": "storeAtts",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"length": 8685.0,
"function_hash": "80236641310749493488983546933386479997"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-6598aa44",
"target": {
"function": "build_model",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"length": 428.0,
"function_hash": "179976131993151750528125585085579301895"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-6e107c90",
"target": {
"function": "defineAttribute",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"length": 1147.0,
"function_hash": "53507312955846466464698618564733633091"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-992a7222",
"target": {
"function": "lookup",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"length": 2156.0,
"function_hash": "108642901590263511653063885036874946323"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-d9a5e525",
"target": {
"function": "nextScaffoldPart",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"length": 1180.0,
"function_hash": "71810207303697646971319438653387330853"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-fb44444c",
"target": {
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
"digest": {
"line_hashes": [
"223799819926058656319836144584163452693",
"285694765022870440959907623190863236245",
"124624278936175411774192493587400394934",
"5527740047189149474868937779060907523",
"207528506396819772716099548982043436018",
"64494957442579479067173847313406264471",
"185998065906355787466352314472966260772",
"93154500618235451685566345696181460043",
"23395259181702376629101269846025809178",
"203874545052483936785971797497744476556",
"327050376575102936830000429655841785546",
"135311281610499616668566237522620803453",
"308414355371498134587000568041602526949",
"333073980410237437756842058150512999863",
"99404388748626481065000561953632897220",
"114642229293748130665258357716488591956",
"42175792180550828494674126970015634366",
"88539272394041331906642501778333521955",
"134092145356801649550239270381674054072",
"130973380815226841209046850804112449038",
"10848183519571471490996467262754922632",
"195323324894612476920484531025145122349",
"289365183606170097292399720670681264771",
"48395394706863834050321886629054441195",
"78323446624387944043628811789596345174",
"142538869860603314192662672694267973585",
"205507834500794947628470265847326052081",
"84524653045140711188240093439392617108",
"215015690880889517476756286454261892829",
"105466941644625063994769240130645816043",
"313802660918175977502601550073561827351",
"66662981884611705583149282912468184287",
"41520815539834275642782226874305203845",
"189390920671744530938051528044356182004",
"244599306446007034311952899952619479101",
"141086976630520953252050422832015308904",
"157429159418352724047969455500551301154",
"52912980116624268126842191977178447493",
"288093603507052066714288040024101552083",
"49125355809116516078567349023687486440",
"140254909788755058986255047935358022022",
"59945357194085835472548739679934699074",
"18043944618647772873859678615861009522",
"50414283785912038896358700672411907049",
"88533279415329437471671070878966509120",
"225808841637412556486800610078055148838",
"195628374370582671298812719389189974861",
"133762674333171622001383136931585174015",
"130096525224016876536526178520947425275",
"186012461785052513837297811230796192709"
],
"threshold": 0.9
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5"
],
"spl": "2022-09-01"
}
Android / platform/external/expat
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-219942275-29947244",
"target": {
"function": "nextScaffoldPart",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"length": 1180.0,
"function_hash": "71810207303697646971319438653387330853"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-443251c8",
"target": {
"function": "addBinding",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"length": 3470.0,
"function_hash": "144607037851536191895429127197354004944"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-53eb6e65",
"target": {
"function": "defineAttribute",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"length": 1147.0,
"function_hash": "53507312955846466464698618564733633091"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-6794d9b2",
"target": {
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"line_hashes": [
"223799819926058656319836144584163452693",
"285694765022870440959907623190863236245",
"124624278936175411774192493587400394934",
"5527740047189149474868937779060907523",
"207528506396819772716099548982043436018",
"64494957442579479067173847313406264471",
"185998065906355787466352314472966260772",
"93154500618235451685566345696181460043",
"23395259181702376629101269846025809178",
"203874545052483936785971797497744476556",
"327050376575102936830000429655841785546",
"135311281610499616668566237522620803453",
"308414355371498134587000568041602526949",
"333073980410237437756842058150512999863",
"99404388748626481065000561953632897220",
"114642229293748130665258357716488591956",
"42175792180550828494674126970015634366",
"88539272394041331906642501778333521955",
"134092145356801649550239270381674054072",
"130973380815226841209046850804112449038",
"10848183519571471490996467262754922632",
"195323324894612476920484531025145122349",
"289365183606170097292399720670681264771",
"48395394706863834050321886629054441195",
"78323446624387944043628811789596345174",
"142538869860603314192662672694267973585",
"205507834500794947628470265847326052081",
"84524653045140711188240093439392617108",
"215015690880889517476756286454261892829",
"105466941644625063994769240130645816043",
"313802660918175977502601550073561827351",
"66662981884611705583149282912468184287",
"41520815539834275642782226874305203845",
"189390920671744530938051528044356182004",
"244599306446007034311952899952619479101",
"141086976630520953252050422832015308904",
"157429159418352724047969455500551301154",
"52912980116624268126842191977178447493",
"288093603507052066714288040024101552083",
"49125355809116516078567349023687486440",
"140254909788755058986255047935358022022",
"59945357194085835472548739679934699074",
"18043944618647772873859678615861009522",
"50414283785912038896358700672411907049",
"88533279415329437471671070878966509120",
"225808841637412556486800610078055148838",
"195628374370582671298812719389189974861",
"133762674333171622001383136931585174015",
"130096525224016876536526178520947425275",
"186012461785052513837297811230796192709"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "ASB-A-219942275-8d7a331f",
"target": {
"function": "lookup",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"length": 2156.0,
"function_hash": "108642901590263511653063885036874946323"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-e706cd6c",
"target": {
"function": "build_model",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"length": 428.0,
"function_hash": "179976131993151750528125585085579301895"
},
"signature_type": "Function"
},
{
"id": "ASB-A-219942275-e82d78e0",
"target": {
"function": "storeAtts",
"file": "lib/xmlparse.c"
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
"digest": {
"length": 8685.0,
"function_hash": "80236641310749493488983546933386479997"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949"
],
"spl": "2022-09-01"
}