ASB-A-219942275

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-219942275.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-219942275
Aliases
Published
2022-09-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In storeAtts of xmlparse.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-09-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 428.0,
                "function_hash": "179976131993151750528125585085579301895"
            },
            "id": "ASB-A-219942275-172765b4",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "build_model"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3470.0,
                "function_hash": "144607037851536191895429127197354004944"
            },
            "id": "ASB-A-219942275-1bbe7e88",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "addBinding"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 8685.0,
                "function_hash": "80236641310749493488983546933386479997"
            },
            "id": "ASB-A-219942275-62251be2",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "storeAtts"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1147.0,
                "function_hash": "53507312955846466464698618564733633091"
            },
            "id": "ASB-A-219942275-7e875cd6",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "defineAttribute"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1180.0,
                "function_hash": "71810207303697646971319438653387330853"
            },
            "id": "ASB-A-219942275-84579230",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "nextScaffoldPart"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2156.0,
                "function_hash": "108642901590263511653063885036874946323"
            },
            "id": "ASB-A-219942275-84a7d46f",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "lookup"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223799819926058656319836144584163452693",
                    "285694765022870440959907623190863236245",
                    "124624278936175411774192493587400394934",
                    "5527740047189149474868937779060907523",
                    "207528506396819772716099548982043436018",
                    "64494957442579479067173847313406264471",
                    "185998065906355787466352314472966260772",
                    "93154500618235451685566345696181460043",
                    "211087526667399075377723518378173384441",
                    "227722335802688820752452539033408788869",
                    "287215835525873618889978931929925617892",
                    "135311281610499616668566237522620803453",
                    "229351667191596123456867218399513158242",
                    "181780448495663949899460749671558042549",
                    "340168848810194959957844508079343424789",
                    "114642229293748130665258357716488591956",
                    "42175792180550828494674126970015634366",
                    "88539272394041331906642501778333521955",
                    "134092145356801649550239270381674054072",
                    "130973380815226841209046850804112449038",
                    "10848183519571471490996467262754922632",
                    "195323324894612476920484531025145122349",
                    "289365183606170097292399720670681264771",
                    "59438059781642515853939429939701878115",
                    "78323446624387944043628811789596345174",
                    "142538869860603314192662672694267973585",
                    "175326988041607017106717838172671630114",
                    "127482269535855363128682556280168162736",
                    "206057180390636159222088931299221038447",
                    "257157183529682335826791755456358150451",
                    "261570518136910986990966008116145241440",
                    "21877875250761763351776709881304332805",
                    "121173072938223458767611727486965265061",
                    "189390920671744530938051528044356182004",
                    "244599306446007034311952899952619479101",
                    "141086976630520953252050422832015308904",
                    "157429159418352724047969455500551301154",
                    "52912980116624268126842191977178447493",
                    "288093603507052066714288040024101552083",
                    "49125355809116516078567349023687486440",
                    "140254909788755058986255047935358022022",
                    "59945357194085835472548739679934699074",
                    "327654197725855225967403094038594547918",
                    "50414283785912038896358700672411907049",
                    "88533279415329437471671070878966509120",
                    "225808841637412556486800610078055148838",
                    "195628374370582671298812719389189974861",
                    "133762674333171622001383136931585174015",
                    "130096525224016876536526178520947425275",
                    "186012461785052513837297811230796192709"
                ]
            },
            "id": "ASB-A-219942275-a8f39b40",
            "source": "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/15a1f35dddde9c1a0a626972349a59642abd345a"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-09-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 8685.0,
                "function_hash": "80236641310749493488983546933386479997"
            },
            "id": "ASB-A-219942275-15be89e3",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "storeAtts"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2156.0,
                "function_hash": "108642901590263511653063885036874946323"
            },
            "id": "ASB-A-219942275-2f08dcc1",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "lookup"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3470.0,
                "function_hash": "144607037851536191895429127197354004944"
            },
            "id": "ASB-A-219942275-6f155105",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "addBinding"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 428.0,
                "function_hash": "179976131993151750528125585085579301895"
            },
            "id": "ASB-A-219942275-76c3dcc3",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "build_model"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1147.0,
                "function_hash": "53507312955846466464698618564733633091"
            },
            "id": "ASB-A-219942275-7f15e7eb",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "defineAttribute"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1180.0,
                "function_hash": "71810207303697646971319438653387330853"
            },
            "id": "ASB-A-219942275-ab60e499",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "nextScaffoldPart"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223799819926058656319836144584163452693",
                    "285694765022870440959907623190863236245",
                    "124624278936175411774192493587400394934",
                    "5527740047189149474868937779060907523",
                    "207528506396819772716099548982043436018",
                    "64494957442579479067173847313406264471",
                    "185998065906355787466352314472966260772",
                    "93154500618235451685566345696181460043",
                    "23395259181702376629101269846025809178",
                    "203874545052483936785971797497744476556",
                    "327050376575102936830000429655841785546",
                    "135311281610499616668566237522620803453",
                    "308414355371498134587000568041602526949",
                    "333073980410237437756842058150512999863",
                    "99404388748626481065000561953632897220",
                    "114642229293748130665258357716488591956",
                    "42175792180550828494674126970015634366",
                    "88539272394041331906642501778333521955",
                    "134092145356801649550239270381674054072",
                    "130973380815226841209046850804112449038",
                    "10848183519571471490996467262754922632",
                    "195323324894612476920484531025145122349",
                    "289365183606170097292399720670681264771",
                    "48395394706863834050321886629054441195",
                    "78323446624387944043628811789596345174",
                    "142538869860603314192662672694267973585",
                    "205507834500794947628470265847326052081",
                    "84524653045140711188240093439392617108",
                    "215015690880889517476756286454261892829",
                    "105466941644625063994769240130645816043",
                    "313802660918175977502601550073561827351",
                    "66662981884611705583149282912468184287",
                    "41520815539834275642782226874305203845",
                    "189390920671744530938051528044356182004",
                    "244599306446007034311952899952619479101",
                    "141086976630520953252050422832015308904",
                    "157429159418352724047969455500551301154",
                    "52912980116624268126842191977178447493",
                    "288093603507052066714288040024101552083",
                    "49125355809116516078567349023687486440",
                    "140254909788755058986255047935358022022",
                    "59945357194085835472548739679934699074",
                    "18043944618647772873859678615861009522",
                    "50414283785912038896358700672411907049",
                    "88533279415329437471671070878966509120",
                    "225808841637412556486800610078055148838",
                    "195628374370582671298812719389189974861",
                    "133762674333171622001383136931585174015",
                    "130096525224016876536526178520947425275",
                    "186012461785052513837297811230796192709"
                ]
            },
            "id": "ASB-A-219942275-d1f3a08b",
            "source": "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/d69c95de710f6a362ca4a7e7e7dca411955771dd"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-09-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 3470.0,
                "function_hash": "144607037851536191895429127197354004944"
            },
            "id": "ASB-A-219942275-0e6b5a82",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "addBinding"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 8685.0,
                "function_hash": "80236641310749493488983546933386479997"
            },
            "id": "ASB-A-219942275-16ab8126",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "storeAtts"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 428.0,
                "function_hash": "179976131993151750528125585085579301895"
            },
            "id": "ASB-A-219942275-6598aa44",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "build_model"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1147.0,
                "function_hash": "53507312955846466464698618564733633091"
            },
            "id": "ASB-A-219942275-6e107c90",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "defineAttribute"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2156.0,
                "function_hash": "108642901590263511653063885036874946323"
            },
            "id": "ASB-A-219942275-992a7222",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "lookup"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1180.0,
                "function_hash": "71810207303697646971319438653387330853"
            },
            "id": "ASB-A-219942275-d9a5e525",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "nextScaffoldPart"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223799819926058656319836144584163452693",
                    "285694765022870440959907623190863236245",
                    "124624278936175411774192493587400394934",
                    "5527740047189149474868937779060907523",
                    "207528506396819772716099548982043436018",
                    "64494957442579479067173847313406264471",
                    "185998065906355787466352314472966260772",
                    "93154500618235451685566345696181460043",
                    "23395259181702376629101269846025809178",
                    "203874545052483936785971797497744476556",
                    "327050376575102936830000429655841785546",
                    "135311281610499616668566237522620803453",
                    "308414355371498134587000568041602526949",
                    "333073980410237437756842058150512999863",
                    "99404388748626481065000561953632897220",
                    "114642229293748130665258357716488591956",
                    "42175792180550828494674126970015634366",
                    "88539272394041331906642501778333521955",
                    "134092145356801649550239270381674054072",
                    "130973380815226841209046850804112449038",
                    "10848183519571471490996467262754922632",
                    "195323324894612476920484531025145122349",
                    "289365183606170097292399720670681264771",
                    "48395394706863834050321886629054441195",
                    "78323446624387944043628811789596345174",
                    "142538869860603314192662672694267973585",
                    "205507834500794947628470265847326052081",
                    "84524653045140711188240093439392617108",
                    "215015690880889517476756286454261892829",
                    "105466941644625063994769240130645816043",
                    "313802660918175977502601550073561827351",
                    "66662981884611705583149282912468184287",
                    "41520815539834275642782226874305203845",
                    "189390920671744530938051528044356182004",
                    "244599306446007034311952899952619479101",
                    "141086976630520953252050422832015308904",
                    "157429159418352724047969455500551301154",
                    "52912980116624268126842191977178447493",
                    "288093603507052066714288040024101552083",
                    "49125355809116516078567349023687486440",
                    "140254909788755058986255047935358022022",
                    "59945357194085835472548739679934699074",
                    "18043944618647772873859678615861009522",
                    "50414283785912038896358700672411907049",
                    "88533279415329437471671070878966509120",
                    "225808841637412556486800610078055148838",
                    "195628374370582671298812719389189974861",
                    "133762674333171622001383136931585174015",
                    "130096525224016876536526178520947425275",
                    "186012461785052513837297811230796192709"
                ]
            },
            "id": "ASB-A-219942275-fb44444c",
            "source": "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/67d6d8dfef9af2be3b915614e224778eda943ea5"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/expat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-09-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1180.0,
                "function_hash": "71810207303697646971319438653387330853"
            },
            "id": "ASB-A-219942275-29947244",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "nextScaffoldPart"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3470.0,
                "function_hash": "144607037851536191895429127197354004944"
            },
            "id": "ASB-A-219942275-443251c8",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "addBinding"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1147.0,
                "function_hash": "53507312955846466464698618564733633091"
            },
            "id": "ASB-A-219942275-53eb6e65",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "defineAttribute"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223799819926058656319836144584163452693",
                    "285694765022870440959907623190863236245",
                    "124624278936175411774192493587400394934",
                    "5527740047189149474868937779060907523",
                    "207528506396819772716099548982043436018",
                    "64494957442579479067173847313406264471",
                    "185998065906355787466352314472966260772",
                    "93154500618235451685566345696181460043",
                    "23395259181702376629101269846025809178",
                    "203874545052483936785971797497744476556",
                    "327050376575102936830000429655841785546",
                    "135311281610499616668566237522620803453",
                    "308414355371498134587000568041602526949",
                    "333073980410237437756842058150512999863",
                    "99404388748626481065000561953632897220",
                    "114642229293748130665258357716488591956",
                    "42175792180550828494674126970015634366",
                    "88539272394041331906642501778333521955",
                    "134092145356801649550239270381674054072",
                    "130973380815226841209046850804112449038",
                    "10848183519571471490996467262754922632",
                    "195323324894612476920484531025145122349",
                    "289365183606170097292399720670681264771",
                    "48395394706863834050321886629054441195",
                    "78323446624387944043628811789596345174",
                    "142538869860603314192662672694267973585",
                    "205507834500794947628470265847326052081",
                    "84524653045140711188240093439392617108",
                    "215015690880889517476756286454261892829",
                    "105466941644625063994769240130645816043",
                    "313802660918175977502601550073561827351",
                    "66662981884611705583149282912468184287",
                    "41520815539834275642782226874305203845",
                    "189390920671744530938051528044356182004",
                    "244599306446007034311952899952619479101",
                    "141086976630520953252050422832015308904",
                    "157429159418352724047969455500551301154",
                    "52912980116624268126842191977178447493",
                    "288093603507052066714288040024101552083",
                    "49125355809116516078567349023687486440",
                    "140254909788755058986255047935358022022",
                    "59945357194085835472548739679934699074",
                    "18043944618647772873859678615861009522",
                    "50414283785912038896358700672411907049",
                    "88533279415329437471671070878966509120",
                    "225808841637412556486800610078055148838",
                    "195628374370582671298812719389189974861",
                    "133762674333171622001383136931585174015",
                    "130096525224016876536526178520947425275",
                    "186012461785052513837297811230796192709"
                ]
            },
            "id": "ASB-A-219942275-6794d9b2",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2156.0,
                "function_hash": "108642901590263511653063885036874946323"
            },
            "id": "ASB-A-219942275-8d7a331f",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "lookup"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 428.0,
                "function_hash": "179976131993151750528125585085579301895"
            },
            "id": "ASB-A-219942275-e706cd6c",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "build_model"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 8685.0,
                "function_hash": "80236641310749493488983546933386479997"
            },
            "id": "ASB-A-219942275-e82d78e0",
            "source": "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "lib/xmlparse.c",
                "function": "storeAtts"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/expat/+/d40d805e85e9b64725fbdc863ea099f30d0dc949"
    ],
    "spl": "2022-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}