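In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, an integer overflow makes arbitrary XML injection possible. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The records below cover two copies of the class, core/java/com/android/internal/util/BinaryXmlSerializer.java in platform/frameworks/base and java/com/android/modules/utils/BinaryXmlSerializer.java in platform/frameworks/libs/modules-utils, each with its own fix commit at security patch level 2024-08-01. The function hashes for the two copies are identical, so a source tree that carries both needs both fixes applied.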
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "id": "ASB-A-307288067-8c8c1bf6", "digest": { "function_hash": "276202928956936777865925272387699035005", "length": 305.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesHex", "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "id": "ASB-A-307288067-97671524", "digest": { "function_hash": "123285881540088161321404136447312297041", "length": 308.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesBase64", "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "id": "ASB-A-307288067-c0884d18", "digest": { "threshold": 0.9, "line_hashes": [ "283722049743732542501552246218868566890", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_version": "v1" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890" ], "spl": "2024-08-01", "types": [ "EoP" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-91dae152", "digest": { "function_hash": "123285881540088161321404136447312297041", "length": 308.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesBase64", "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-b4ba89ae", "digest": { "function_hash": "276202928956936777865925272387699035005", "length": 305.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesHex", "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-e213bdb3", "digest": { "threshold": 0.9, "line_hashes": [ "215027096968947984660538355209230953530", "292425170535058714301227834960314272490", "141389441976109996511672681276036685866", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e" ], "spl": "2024-08-01", "types": [ "EoP" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-2b5d7f9d", "digest": { "function_hash": "123285881540088161321404136447312297041", "length": 308.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesBase64", "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-97756750", "digest": { "threshold": 0.9, "line_hashes": [ "215027096968947984660538355209230953530", "292425170535058714301227834960314272490", "141389441976109996511672681276036685866", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-ae08b6e4", "digest": { "function_hash": "276202928956936777865925272387699035005", "length": 305.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesHex", "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e" ], "spl": "2024-08-01", "types": [ "EoP" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-549f8e22", "digest": { "function_hash": "276202928956936777865925272387699035005", "length": 305.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesHex", "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-ac8a12dc", "digest": { "threshold": 0.9, "line_hashes": [ "215027096968947984660538355209230953530", "292425170535058714301227834960314272490", "141389441976109996511672681276036685866", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "id": "ASB-A-307288067-caff5f0f", "digest": { "function_hash": "123285881540088161321404136447312297041", "length": 308.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesBase64", "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_version": "v1" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e" ], "spl": "2024-08-01", "types": [ "EoP" ] }
{ "severity": "High", "vanir_signatures": [ { "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "id": "ASB-A-307288067-879ac2af", "digest": { "function_hash": "276202928956936777865925272387699035005", "length": 305.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesHex", "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "id": "ASB-A-307288067-a15c9166", "digest": { "function_hash": "123285881540088161321404136447312297041", "length": 308.0 }, "signature_type": "Function", "deprecated": false, "target": { "function": "attributeBytesBase64", "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_version": "v1" }, { "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "id": "ASB-A-307288067-a83843b8", "digest": { "threshold": 0.9, "line_hashes": [ "283722049743732542501552246218868566890", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "signature_type": "Line", "deprecated": false, "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_version": "v1" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890" ], "spl": "2024-08-01", "types": [ "EoP" ] }