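In closeString of xmlparse.c, memory corruption is possible due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Note that the function-level signatures in the records below target doProlog in lib/xmlparse.c, not closeString, so matching should rely on the signature targets rather than on the function named in this description.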
{ "vanir_signatures": [ { "digest": { "length": 27763.0, "function_hash": "194916051013109020439257286648267021551" }, "id": "ASB-A-221256678-34904c4e", "source": "https://android.googlesource.com/platform/external/expat/+/257f1d3777240016d3ccd74a61cd7d0e0efcaae3", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c", "function": "doProlog" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "339326044285764152046173097361304582891", "80189087112477729323498696954329671836", "332728795067340892905178233217556801001", "222029021349265669637245538079790074657", "221317009947586808221619481242038985796", "99349835761178515549295296412854684740", "187269274721543235825387369240793720506", "61317863099045868358128820708933024829", "122050159338687557815072393947045263208", "161136089803808513250300821260233738451", "87078006104052797860574317967163509607", "232327690192941995352027900811732422356", "297867436599823948476812071841674933398", "191058153855019843145782312493874618054", "213207860056129544246399960674346981714", "153277542590348788033796345559096625066", "189143837280181008597514096578596137128", "103054339028902983481167122157516390565", "309889577854558010845876679495858090275", "218126424916799469382031295780882932650" ] }, "id": "ASB-A-221256678-8a81a85d", "source": "https://android.googlesource.com/platform/external/expat/+/257f1d3777240016d3ccd74a61cd7d0e0efcaae3", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/expat/+/257f1d3777240016d3ccd74a61cd7d0e0efcaae3" ], "spl": "2022-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "339326044285764152046173097361304582891", "37517056343669458741212050199709508032", "35613909015179879119886763859434258788", "184538079924971805284425482750745354605", "37167670863099582326420273828710157536", "128141464681805290033676726535339920132", "146412106355233493138691733981388781214", "218126424916799469382031295780882932650" ] }, "id": "ASB-A-221256678-dde4366a", "source": "https://android.googlesource.com/platform/external/expat/+/8524cb8b7b377ff6acb1ca51afc7255d02c4170b", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c" }, "signature_type": "Line" }, { "digest": { "length": 27964.0, "function_hash": "250342439851380564132105541905090514381" }, "id": "ASB-A-221256678-e086e3c0", "source": "https://android.googlesource.com/platform/external/expat/+/8524cb8b7b377ff6acb1ca51afc7255d02c4170b", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c", "function": "doProlog" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/expat/+/8524cb8b7b377ff6acb1ca51afc7255d02c4170b" ], "spl": "2022-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "339326044285764152046173097361304582891", "37517056343669458741212050199709508032", "35613909015179879119886763859434258788", "184538079924971805284425482750745354605", "37167670863099582326420273828710157536", "128141464681805290033676726535339920132", "146412106355233493138691733981388781214", "218126424916799469382031295780882932650" ] }, "id": "ASB-A-221256678-406c5875", "source": "https://android.googlesource.com/platform/external/expat/+/247dff003581d92e089626d8304eb27a53c8f160", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c" }, "signature_type": "Line" }, { "digest": { "length": 27964.0, "function_hash": "250342439851380564132105541905090514381" }, "id": "ASB-A-221256678-9c24eb51", "source": "https://android.googlesource.com/platform/external/expat/+/247dff003581d92e089626d8304eb27a53c8f160", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c", "function": "doProlog" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/expat/+/247dff003581d92e089626d8304eb27a53c8f160" ], "spl": "2022-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "339326044285764152046173097361304582891", "37517056343669458741212050199709508032", "35613909015179879119886763859434258788", "184538079924971805284425482750745354605", "37167670863099582326420273828710157536", "128141464681805290033676726535339920132", "146412106355233493138691733981388781214", "218126424916799469382031295780882932650" ] }, "id": "ASB-A-221256678-799ae9e9", "source": "https://android.googlesource.com/platform/external/expat/+/b7179f2c886badb2158fa5dfcc57c54d201bc677", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c" }, "signature_type": "Line" }, { "digest": { "length": 27964.0, "function_hash": "250342439851380564132105541905090514381" }, "id": "ASB-A-221256678-9cace653", "source": "https://android.googlesource.com/platform/external/expat/+/b7179f2c886badb2158fa5dfcc57c54d201bc677", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/xmlparse.c", "function": "doProlog" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/expat/+/b7179f2c886badb2158fa5dfcc57c54d201bc677" ], "spl": "2022-09-01", "severity": "High", "types": [ "EoP" ] }