ASB-A-274231102
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-274231102.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-274231102
- Aliases
-
- A-274231102
- CVE-2023-40128
- Published
- 2023-10-01T00:00:00Z
- Modified
- 2026-04-28T15:17:37.552933Z
- Summary
- [none]
- Details
-
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/external/libxml2
Package
Ecosystem specific
{
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4192.0,
"function_hash": "286849544817418768335908216744020265449"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
"target": {
"function": "xmlFAGenerateTransitions",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-9a2724a6"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"19425799061210353593077284545013811363",
"5907603357197868905669115033062480205",
"37650081241679653630269798644214843044",
"230570562004109944517098004816911128269",
"251770770304899036841109856180359482455",
"304698920401754550621011024863766267122",
"32026019354401868928204667467178777430",
"169754711938011847781472798512900816415",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"178020714517195066202660648075087089950",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"22748492019790916104206250717897407969",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"16244480229490051662226600603476136641",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"120975947584594195072212574675430384303"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
"target": {
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-9b984df5"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1028.0,
"function_hash": "45312315292554977945286378268126194603"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
"target": {
"function": "xmlAutomataNewCountTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-9cd53a19"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1483.0,
"function_hash": "320995382150417517862002393554507749409"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
"target": {
"function": "xmlAutomataNewCountTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-c55f1260"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 881.0,
"function_hash": "168991425808716676318447426641166953902"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
"target": {
"function": "xmlAutomataNewOnceTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-dacbfb06"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1336.0,
"function_hash": "194289442730404476567257505472944491342"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
"target": {
"function": "xmlAutomataNewOnceTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-eeca2513"
}
],
"severity": "High"
}
Android / platform/external/libxml2
Package
Ecosystem specific
{
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"19425799061210353593077284545013811363",
"5907603357197868905669115033062480205",
"37650081241679653630269798644214843044",
"230570562004109944517098004816911128269",
"251770770304899036841109856180359482455",
"304698920401754550621011024863766267122",
"32026019354401868928204667467178777430",
"169754711938011847781472798512900816415",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"178020714517195066202660648075087089950",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"22748492019790916104206250717897407969",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"16244480229490051662226600603476136641",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"120975947584594195072212574675430384303"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
"target": {
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-20796487"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1028.0,
"function_hash": "45312315292554977945286378268126194603"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
"target": {
"function": "xmlAutomataNewCountTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-222e01e4"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1483.0,
"function_hash": "320995382150417517862002393554507749409"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
"target": {
"function": "xmlAutomataNewCountTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-5f3bf677"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 860.0,
"function_hash": "73338815645371492332508725579366774982"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
"target": {
"function": "xmlAutomataNewOnceTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-b1028d23"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4193.0,
"function_hash": "24896819028198972162326686889226208718"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
"target": {
"function": "xmlFAGenerateTransitions",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-c347fcdd"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1315.0,
"function_hash": "25374719156014082904346898533442674231"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
"target": {
"function": "xmlAutomataNewOnceTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-eed3ed7f"
}
],
"severity": "High"
}
Android / platform/external/libxml2
Package
Ecosystem specific
{
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1028.0,
"function_hash": "45312315292554977945286378268126194603"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
"target": {
"function": "xmlAutomataNewCountTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-0f1eecdf"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 860.0,
"function_hash": "73338815645371492332508725579366774982"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
"target": {
"function": "xmlAutomataNewOnceTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-3f189db3"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"19425799061210353593077284545013811363",
"5907603357197868905669115033062480205",
"37650081241679653630269798644214843044",
"230570562004109944517098004816911128269",
"251770770304899036841109856180359482455",
"304698920401754550621011024863766267122",
"32026019354401868928204667467178777430",
"169754711938011847781472798512900816415",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"178020714517195066202660648075087089950",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"22748492019790916104206250717897407969",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"16244480229490051662226600603476136641",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"120975947584594195072212574675430384303"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
"target": {
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-6e8ab020"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4193.0,
"function_hash": "24896819028198972162326686889226208718"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
"target": {
"function": "xmlFAGenerateTransitions",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-d978d337"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1315.0,
"function_hash": "25374719156014082904346898533442674231"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
"target": {
"function": "xmlAutomataNewOnceTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-f11c4af1"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1483.0,
"function_hash": "320995382150417517862002393554507749409"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
"target": {
"function": "xmlAutomataNewCountTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-fe8fbaee"
}
],
"severity": "High"
}
Android / platform/external/libxml2
Package
Ecosystem specific
{
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"19425799061210353593077284545013811363",
"5907603357197868905669115033062480205",
"37650081241679653630269798644214843044",
"230570562004109944517098004816911128269",
"251770770304899036841109856180359482455",
"304698920401754550621011024863766267122",
"32026019354401868928204667467178777430",
"169754711938011847781472798512900816415",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"178020714517195066202660648075087089950",
"243219486569140842104847391148576644862",
"187143736696446723813293942197096075893",
"164238930355821149871022389360426165860",
"327717555065096168191060962796201950705",
"288294457797168187934754749586048936509",
"151052489551114435308986337394479570459",
"213006275826760076516076958279528888219",
"22748492019790916104206250717897407969",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"16244480229490051662226600603476136641",
"307044815513582077165993042811738588826",
"262182975630621246209206463987280754057",
"340003719122539253473702446077555889163",
"150563184359254906168590771611801629189",
"306092578858770519986257278171310209807",
"20181567728655020568300040981209146032",
"288435753353998236815381509283233810709",
"120975947584594195072212574675430384303"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
"target": {
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-14d2204b"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1315.0,
"function_hash": "25374719156014082904346898533442674231"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
"target": {
"function": "xmlAutomataNewOnceTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-583097df"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4193.0,
"function_hash": "24896819028198972162326686889226208718"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
"target": {
"function": "xmlFAGenerateTransitions",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-61311bae"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1483.0,
"function_hash": "320995382150417517862002393554507749409"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
"target": {
"function": "xmlAutomataNewCountTrans2",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-6bde39d1"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 860.0,
"function_hash": "73338815645371492332508725579366774982"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
"target": {
"function": "xmlAutomataNewOnceTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-8dff873b"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1028.0,
"function_hash": "45312315292554977945286378268126194603"
},
"source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
"target": {
"function": "xmlAutomataNewCountTrans",
"file": "xmlregexp.c"
},
"id": "ASB-A-274231102-c4a6ba49"
}
],
"severity": "High"
}