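In appendFrom of Parcel.cpp, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The records that follow give, for each fix commit in platform/frameworks/native, the severity (High), type (EoP), security patch level (2025-09-01) and the signatures for libs/binder/Parcel.cpp, which cover Parcel::appendFrom, Parcel::writeObject and, in most records, Parcel::writeFileDescriptor.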
{ "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/28e7af08b92e7b97f46d8ecd88ebd3f27a065e08" ], "vanir_signatures": [ { "id": "ASB-A-402319736-7c5cbd9e", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::appendFrom" }, "deprecated": false, "digest": { "length": 4322.0, "function_hash": "178701950605905997425055749157210792203" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/28e7af08b92e7b97f46d8ecd88ebd3f27a065e08" }, { "id": "ASB-A-402319736-bd761ea9", "signature_type": "Line", "target": { "file": "libs/binder/Parcel.cpp" }, "deprecated": false, "digest": { "line_hashes": [ "51381672520172261129715899756627154929", "210374851786971555568460277090597738307", "155271762482437850643693733411048634964", "109527852893340247372168740642036543907", "43721822524486389074935565948156745264", "15587836808845748779041546337878074638", "177788261905640640172395124742115842767", "234041640012119387953398893434478495180", "150451445208971175902485306982143317132", "331155451546745154276324300107774308490", "123745215950624520007436828847176686409", "210903107680199634040733136286251011424", "225261719953877117304676052738549228155", "234243997808600553485171786974480681519", "31851905259529625038687869897369029315", "95659062841226918934957054438703541812", "207778055393088172157907837881910254681", "146304623910844882355827165592388282804", "267323169176744170554804592412619031785", "107941690588496978138186594879881584225", "34503488177459018642277903258944360574", "113010066754879000058103270574065325608", "135431797962241342629954601787255507890", "209997035785706851442893966207824796153", "116283782362752188786666965213986367925", "53471356697072452659237692074171154172", "74815793236480183357881342656030708681", "67028945604995194595196035595094351183", "316957409895216968460276351018837753056", 
"227020808170213883427456468396879067187", "287134696867143310350388689188085852006", "301040197777846245171501085531148668910", "292948177952400779816097486232774398839", "242858636102970632788243088317459176777", "139462005030726563793084262728758393551", "192722516562645392155972947635475842784", "35000599776559692644156525029605257115", "10919094205637014843480071010005941363" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/28e7af08b92e7b97f46d8ecd88ebd3f27a065e08" }, { "id": "ASB-A-402319736-dc0337b0", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeFileDescriptor" }, "deprecated": false, "digest": { "length": 1786.0, "function_hash": "13816876387540329154649494147792302081" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/28e7af08b92e7b97f46d8ecd88ebd3f27a065e08" }, { "id": "ASB-A-402319736-e7c71dc1", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeObject" }, "deprecated": false, "digest": { "length": 1787.0, "function_hash": "82499973687348231239541848845210848670" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/28e7af08b92e7b97f46d8ecd88ebd3f27a065e08" } ], "spl": "2025-09-01" }
{ "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/919b3602d669d7c3be34917fca7e08bcd20b83c4" ], "vanir_signatures": [ { "id": "ASB-A-402319736-52992bf0", "signature_type": "Line", "target": { "file": "libs/binder/Parcel.cpp" }, "deprecated": false, "digest": { "line_hashes": [ "51381672520172261129715899756627154929", "210374851786971555568460277090597738307", "155271762482437850643693733411048634964", "109527852893340247372168740642036543907", "43721822524486389074935565948156745264", "15587836808845748779041546337878074638", "177788261905640640172395124742115842767", "234041640012119387953398893434478495180", "150451445208971175902485306982143317132", "331155451546745154276324300107774308490", "123745215950624520007436828847176686409", "210903107680199634040733136286251011424", "225261719953877117304676052738549228155", "234243997808600553485171786974480681519", "31851905259529625038687869897369029315", "95659062841226918934957054438703541812", "207778055393088172157907837881910254681", "146304623910844882355827165592388282804", "267323169176744170554804592412619031785", "107941690588496978138186594879881584225", "34503488177459018642277903258944360574", "113010066754879000058103270574065325608", "162235056578365951902462945525277028716", "300305713039417407008578102736043659060", "51625213564499350001788990257889189374", "53471356697072452659237692074171154172", "74815793236480183357881342656030708681", "67028945604995194595196035595094351183", "316957409895216968460276351018837753056", "227020808170213883427456468396879067187", "287134696867143310350388689188085852006", "301040197777846245171501085531148668910", "292948177952400779816097486232774398839", "242858636102970632788243088317459176777", "260782417886965912226119860539710161753", "60715901929979177078123314727424970271", "118412472310034689395328504104267114361", "10919094205637014843480071010005941363" ], "threshold": 0.9 }, 
"signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/919b3602d669d7c3be34917fca7e08bcd20b83c4" }, { "id": "ASB-A-402319736-619b5630", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeFileDescriptor" }, "deprecated": false, "digest": { "length": 1407.0, "function_hash": "109648978914331348469187726302377866312" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/919b3602d669d7c3be34917fca7e08bcd20b83c4" }, { "id": "ASB-A-402319736-66073ddf", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::appendFrom" }, "deprecated": false, "digest": { "length": 4290.0, "function_hash": "75065187963391692845876557225886659433" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/919b3602d669d7c3be34917fca7e08bcd20b83c4" }, { "id": "ASB-A-402319736-eb05e6ea", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeObject" }, "deprecated": false, "digest": { "length": 1671.0, "function_hash": "298015628401380756994738891928336592128" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/919b3602d669d7c3be34917fca7e08bcd20b83c4" } ], "spl": "2025-09-01" }
{ "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/10459fa3d41274abe389f5fafad1d43608af8dcb" ], "vanir_signatures": [ { "id": "ASB-A-402319736-8046015e", "signature_type": "Line", "target": { "file": "libs/binder/Parcel.cpp" }, "deprecated": false, "digest": { "line_hashes": [ "51381672520172261129715899756627154929", "210374851786971555568460277090597738307", "155271762482437850643693733411048634964", "109527852893340247372168740642036543907", "43721822524486389074935565948156745264", "15587836808845748779041546337878074638", "177788261905640640172395124742115842767", "234041640012119387953398893434478495180", "150451445208971175902485306982143317132", "331155451546745154276324300107774308490", "123745215950624520007436828847176686409", "210903107680199634040733136286251011424", "225261719953877117304676052738549228155", "234243997808600553485171786974480681519", "31851905259529625038687869897369029315", "95659062841226918934957054438703541812", "207778055393088172157907837881910254681", "146304623910844882355827165592388282804", "267323169176744170554804592412619031785", "107941690588496978138186594879881584225", "34503488177459018642277903258944360574", "113010066754879000058103270574065325608", "135431797962241342629954601787255507890", "209997035785706851442893966207824796153", "116283782362752188786666965213986367925", "53471356697072452659237692074171154172", "74815793236480183357881342656030708681", "67028945604995194595196035595094351183", "316957409895216968460276351018837753056", "227020808170213883427456468396879067187", "287134696867143310350388689188085852006", "301040197777846245171501085531148668910", "292948177952400779816097486232774398839", "242858636102970632788243088317459176777", "139462005030726563793084262728758393551", "192722516562645392155972947635475842784", "35000599776559692644156525029605257115", "10919094205637014843480071010005941363" ], "threshold": 0.9 }, 
"signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/10459fa3d41274abe389f5fafad1d43608af8dcb" }, { "id": "ASB-A-402319736-9bacc290", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeFileDescriptor" }, "deprecated": false, "digest": { "length": 1786.0, "function_hash": "13816876387540329154649494147792302081" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/10459fa3d41274abe389f5fafad1d43608af8dcb" }, { "id": "ASB-A-402319736-b5bfe9b5", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeObject" }, "deprecated": false, "digest": { "length": 1787.0, "function_hash": "82499973687348231239541848845210848670" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/10459fa3d41274abe389f5fafad1d43608af8dcb" }, { "id": "ASB-A-402319736-fdb18fde", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::appendFrom" }, "deprecated": false, "digest": { "length": 4322.0, "function_hash": "178701950605905997425055749157210792203" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/10459fa3d41274abe389f5fafad1d43608af8dcb" } ], "spl": "2025-09-01" }
{ "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/6ec2bbaad850f8666a673cbb9f0926995ac3b426" ], "vanir_signatures": [ { "id": "ASB-A-402319736-a2a57db9", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeObject" }, "deprecated": false, "digest": { "length": 1243.0, "function_hash": "30011031627518947453602510047345767486" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/6ec2bbaad850f8666a673cbb9f0926995ac3b426" }, { "id": "ASB-A-402319736-d70625fa", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::appendFrom" }, "deprecated": false, "digest": { "length": 2207.0, "function_hash": "253287190991727913674793224415353052521" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/6ec2bbaad850f8666a673cbb9f0926995ac3b426" }, { "id": "ASB-A-402319736-fc0bea13", "signature_type": "Line", "target": { "file": "libs/binder/Parcel.cpp" }, "deprecated": false, "digest": { "line_hashes": [ "165251339964550588966199654470402948902", "84181848815595836438526049042429627658", "185946888934164889764577177978507734954", "145467714637046075636925961031825195561", "169231084028591905015449806974524175966", "325776091831578243540922987395992002890", "251584388937616819094867997254219319185", "234041640012119387953398893434478495180", "150451445208971175902485306982143317132", "331155451546745154276324300107774308490", "123745215950624520007436828847176686409", "210903107680199634040733136286251011424", "225261719953877117304676052738549228155", "234243997808600553485171786974480681519", "285647003027615527411577138690530798272", "35897281165934604652006326228025381507", "240454019788746116142705481671148582355", "18478012610710922198139780970232545664", "333189501484651057699451525701055861372", 
"172783575384239408316463018545306019466", "48517095539917289936785576684377539660", "177829748253966938975978267674454420779", "216212423929918755209376432154229956747", "108587633537507210242609878158511307392", "125012503685818007282471692129526370681", "335262093353938068893257561734285562251", "75871114794360251185573319515864632915", "20302911908117980418513720700495637648", "10571306400211909075124315138216014614", "332132777762745825014530055427392735906" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/6ec2bbaad850f8666a673cbb9f0926995ac3b426" } ], "spl": "2025-09-01" }
{ "severity": "High", "types": [ "EoP" ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/71efd8fd6b717ec427a264fc901e3c62ef7de8ec" ], "vanir_signatures": [ { "id": "ASB-A-402319736-10e098c3", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::appendFrom" }, "deprecated": false, "digest": { "length": 4266.0, "function_hash": "94542787290208360892377623637931891459" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/71efd8fd6b717ec427a264fc901e3c62ef7de8ec" }, { "id": "ASB-A-402319736-1cb5bbc4", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeFileDescriptor" }, "deprecated": false, "digest": { "length": 1504.0, "function_hash": "194722527409467618387199405957538286670" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/71efd8fd6b717ec427a264fc901e3c62ef7de8ec" }, { "id": "ASB-A-402319736-34605963", "signature_type": "Function", "target": { "file": "libs/binder/Parcel.cpp", "function": "Parcel::writeObject" }, "deprecated": false, "digest": { "length": 1671.0, "function_hash": "298015628401380756994738891928336592128" }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/71efd8fd6b717ec427a264fc901e3c62ef7de8ec" }, { "id": "ASB-A-402319736-8f39e828", "signature_type": "Line", "target": { "file": "libs/binder/Parcel.cpp" }, "deprecated": false, "digest": { "line_hashes": [ "51381672520172261129715899756627154929", "210374851786971555568460277090597738307", "155271762482437850643693733411048634964", "109527852893340247372168740642036543907", "43721822524486389074935565948156745264", "15587836808845748779041546337878074638", "177788261905640640172395124742115842767", "234041640012119387953398893434478495180", "150451445208971175902485306982143317132", "331155451546745154276324300107774308490", 
"123745215950624520007436828847176686409", "210903107680199634040733136286251011424", "225261719953877117304676052738549228155", "234243997808600553485171786974480681519", "31851905259529625038687869897369029315", "95659062841226918934957054438703541812", "207778055393088172157907837881910254681", "146304623910844882355827165592388282804", "267323169176744170554804592412619031785", "107941690588496978138186594879881584225", "34503488177459018642277903258944360574", "113010066754879000058103270574065325608", "216212423929918755209376432154229956747", "108587633537507210242609878158511307392", "183134962032740150498901349178543915712", "53471356697072452659237692074171154172", "74815793236480183357881342656030708681", "67028945604995194595196035595094351183", "316957409895216968460276351018837753056", "227020808170213883427456468396879067187", "287134696867143310350388689188085852006", "301040197777846245171501085531148668910", "292948177952400779816097486232774398839", "242858636102970632788243088317459176777", "260782417886965912226119860539710161753", "60715901929979177078123314727424970271", "118412472310034689395328504104267114361", "10919094205637014843480071010005941363" ], "threshold": 0.9 }, "signature_version": "v1", "source": "https://android.googlesource.com/platform/frameworks/native/+/71efd8fd6b717ec427a264fc901e3c62ef7de8ec" } ], "spl": "2025-09-01" }