ASB-A-307288067

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-307288067.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-307288067
Aliases
  • A-307288067
  • CVE-2024-34740
Published
2024-08-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-08-01

Affected versions

Other

14-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/eebe3b8baf112082c3178ba7d17b5318c53b3b5f"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/libs/modules-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-08-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 305.0,
                "function_hash": "276202928956936777865925272387699035005"
            },
            "id": "ASB-A-307288067-8c8c1bf6",
            "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "java/com/android/modules/utils/BinaryXmlSerializer.java",
                "function": "attributeBytesHex"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 308.0,
                "function_hash": "123285881540088161321404136447312297041"
            },
            "id": "ASB-A-307288067-97671524",
            "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "java/com/android/modules/utils/BinaryXmlSerializer.java",
                "function": "attributeBytesBase64"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283722049743732542501552246218868566890",
                    "124536555656711251714595757169315741186",
                    "122184924213693488507879712964387799493",
                    "112442495831665481300647493341313298518",
                    "185107612995023145594395780461092034037",
                    "146258699207377061517294099540023252159",
                    "78225582879338290131721514303224868112",
                    "84475282677288083217541497316840726603",
                    "185107612995023145594395780461092034037"
                ]
            },
            "id": "ASB-A-307288067-c0884d18",
            "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "java/com/android/modules/utils/BinaryXmlSerializer.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-08-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 308.0,
                "function_hash": "123285881540088161321404136447312297041"
            },
            "id": "ASB-A-307288067-91dae152",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java",
                "function": "attributeBytesBase64"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 305.0,
                "function_hash": "276202928956936777865925272387699035005"
            },
            "id": "ASB-A-307288067-b4ba89ae",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java",
                "function": "attributeBytesHex"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "215027096968947984660538355209230953530",
                    "292425170535058714301227834960314272490",
                    "141389441976109996511672681276036685866",
                    "124536555656711251714595757169315741186",
                    "122184924213693488507879712964387799493",
                    "112442495831665481300647493341313298518",
                    "185107612995023145594395780461092034037",
                    "146258699207377061517294099540023252159",
                    "78225582879338290131721514303224868112",
                    "84475282677288083217541497316840726603",
                    "185107612995023145594395780461092034037"
                ]
            },
            "id": "ASB-A-307288067-e213bdb3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-08-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 308.0,
                "function_hash": "123285881540088161321404136447312297041"
            },
            "id": "ASB-A-307288067-2b5d7f9d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java",
                "function": "attributeBytesBase64"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "215027096968947984660538355209230953530",
                    "292425170535058714301227834960314272490",
                    "141389441976109996511672681276036685866",
                    "124536555656711251714595757169315741186",
                    "122184924213693488507879712964387799493",
                    "112442495831665481300647493341313298518",
                    "185107612995023145594395780461092034037",
                    "146258699207377061517294099540023252159",
                    "78225582879338290131721514303224868112",
                    "84475282677288083217541497316840726603",
                    "185107612995023145594395780461092034037"
                ]
            },
            "id": "ASB-A-307288067-97756750",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 305.0,
                "function_hash": "276202928956936777865925272387699035005"
            },
            "id": "ASB-A-307288067-ae08b6e4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java",
                "function": "attributeBytesHex"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-08-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 305.0,
                "function_hash": "276202928956936777865925272387699035005"
            },
            "id": "ASB-A-307288067-549f8e22",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java",
                "function": "attributeBytesHex"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "215027096968947984660538355209230953530",
                    "292425170535058714301227834960314272490",
                    "141389441976109996511672681276036685866",
                    "124536555656711251714595757169315741186",
                    "122184924213693488507879712964387799493",
                    "112442495831665481300647493341313298518",
                    "185107612995023145594395780461092034037",
                    "146258699207377061517294099540023252159",
                    "78225582879338290131721514303224868112",
                    "84475282677288083217541497316840726603",
                    "185107612995023145594395780461092034037"
                ]
            },
            "id": "ASB-A-307288067-ac8a12dc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 308.0,
                "function_hash": "123285881540088161321404136447312297041"
            },
            "id": "ASB-A-307288067-caff5f0f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java",
                "function": "attributeBytesBase64"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-08-01

Affected versions

Other

14

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/eebe3b8baf112082c3178ba7d17b5318c53b3b5f"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/libs/modules-utils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-08-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 305.0,
                "function_hash": "276202928956936777865925272387699035005"
            },
            "id": "ASB-A-307288067-879ac2af",
            "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "java/com/android/modules/utils/BinaryXmlSerializer.java",
                "function": "attributeBytesHex"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 308.0,
                "function_hash": "123285881540088161321404136447312297041"
            },
            "id": "ASB-A-307288067-a15c9166",
            "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "java/com/android/modules/utils/BinaryXmlSerializer.java",
                "function": "attributeBytesBase64"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283722049743732542501552246218868566890",
                    "124536555656711251714595757169315741186",
                    "122184924213693488507879712964387799493",
                    "112442495831665481300647493341313298518",
                    "185107612995023145594395780461092034037",
                    "146258699207377061517294099540023252159",
                    "78225582879338290131721514303224868112",
                    "84475282677288083217541497316840726603",
                    "185107612995023145594395780461092034037"
                ]
            },
            "id": "ASB-A-307288067-a83843b8",
            "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "java/com/android/modules/utils/BinaryXmlSerializer.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890"
    ],
    "spl": "2024-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}