ASB-A-274231102

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-274231102.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-274231102
Aliases
  • A-274231102
  • CVE-2023-40128
Published
2023-10-01T00:00:00Z
Modified
2024-08-07T19:29:18.073976Z
Summary
libxml2_regexp_fuzzer: Crash in libxml2.so
Details

In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/external/libxml2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1336.0,
                "function_hash": "194289442730404476567257505472944491342"
            },
            "id": "ASB-A-274231102-22de30eb",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4192.0,
                "function_hash": "286849544817418768335908216744020265449"
            },
            "id": "ASB-A-274231102-2e4c85b4",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlFAGenerateTransitions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1483.0,
                "function_hash": "320995382150417517862002393554507749409"
            },
            "id": "ASB-A-274231102-65c40e3c",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 881.0,
                "function_hash": "168991425808716676318447426641166953902"
            },
            "id": "ASB-A-274231102-8e399a02",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1028.0,
                "function_hash": "45312315292554977945286378268126194603"
            },
            "id": "ASB-A-274231102-a7044e24",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "19425799061210353593077284545013811363",
                    "5907603357197868905669115033062480205",
                    "37650081241679653630269798644214843044",
                    "230570562004109944517098004816911128269",
                    "251770770304899036841109856180359482455",
                    "304698920401754550621011024863766267122",
                    "32026019354401868928204667467178777430",
                    "169754711938011847781472798512900816415",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "178020714517195066202660648075087089950",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "22748492019790916104206250717897407969",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "16244480229490051662226600603476136641",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "120975947584594195072212574675430384303"
                ]
            },
            "id": "ASB-A-274231102-b4ed4579",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/libxml2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "19425799061210353593077284545013811363",
                    "5907603357197868905669115033062480205",
                    "37650081241679653630269798644214843044",
                    "230570562004109944517098004816911128269",
                    "251770770304899036841109856180359482455",
                    "304698920401754550621011024863766267122",
                    "32026019354401868928204667467178777430",
                    "169754711938011847781472798512900816415",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "178020714517195066202660648075087089950",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "22748492019790916104206250717897407969",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "16244480229490051662226600603476136641",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "120975947584594195072212574675430384303"
                ]
            },
            "id": "ASB-A-274231102-2a277374",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1315.0,
                "function_hash": "25374719156014082904346898533442674231"
            },
            "id": "ASB-A-274231102-38b310bd",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4193.0,
                "function_hash": "24896819028198972162326686889226208718"
            },
            "id": "ASB-A-274231102-4add74e9",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlFAGenerateTransitions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1028.0,
                "function_hash": "45312315292554977945286378268126194603"
            },
            "id": "ASB-A-274231102-7991e076",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 860.0,
                "function_hash": "73338815645371492332508725579366774982"
            },
            "id": "ASB-A-274231102-ac962f02",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1483.0,
                "function_hash": "320995382150417517862002393554507749409"
            },
            "id": "ASB-A-274231102-ebc0b65a",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans2"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/libxml2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1315.0,
                "function_hash": "25374719156014082904346898533442674231"
            },
            "id": "ASB-A-274231102-1d2a1ddb",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1483.0,
                "function_hash": "320995382150417517862002393554507749409"
            },
            "id": "ASB-A-274231102-27a80ac0",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4193.0,
                "function_hash": "24896819028198972162326686889226208718"
            },
            "id": "ASB-A-274231102-4da17db8",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlFAGenerateTransitions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "19425799061210353593077284545013811363",
                    "5907603357197868905669115033062480205",
                    "37650081241679653630269798644214843044",
                    "230570562004109944517098004816911128269",
                    "251770770304899036841109856180359482455",
                    "304698920401754550621011024863766267122",
                    "32026019354401868928204667467178777430",
                    "169754711938011847781472798512900816415",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "178020714517195066202660648075087089950",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "22748492019790916104206250717897407969",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "16244480229490051662226600603476136641",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "120975947584594195072212574675430384303"
                ]
            },
            "id": "ASB-A-274231102-5a1a02b6",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 860.0,
                "function_hash": "73338815645371492332508725579366774982"
            },
            "id": "ASB-A-274231102-869fe85a",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1028.0,
                "function_hash": "45312315292554977945286378268126194603"
            },
            "id": "ASB-A-274231102-cf0aa6b9",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/external/libxml2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1028.0,
                "function_hash": "45312315292554977945286378268126194603"
            },
            "id": "ASB-A-274231102-1a3c94fd",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1483.0,
                "function_hash": "320995382150417517862002393554507749409"
            },
            "id": "ASB-A-274231102-2d4eeb61",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewCountTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1315.0,
                "function_hash": "25374719156014082904346898533442674231"
            },
            "id": "ASB-A-274231102-3c625362",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4193.0,
                "function_hash": "24896819028198972162326686889226208718"
            },
            "id": "ASB-A-274231102-5eac66fe",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlFAGenerateTransitions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 860.0,
                "function_hash": "73338815645371492332508725579366774982"
            },
            "id": "ASB-A-274231102-b8313cf0",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c",
                "function": "xmlAutomataNewOnceTrans"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "19425799061210353593077284545013811363",
                    "5907603357197868905669115033062480205",
                    "37650081241679653630269798644214843044",
                    "230570562004109944517098004816911128269",
                    "251770770304899036841109856180359482455",
                    "304698920401754550621011024863766267122",
                    "32026019354401868928204667467178777430",
                    "169754711938011847781472798512900816415",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "178020714517195066202660648075087089950",
                    "243219486569140842104847391148576644862",
                    "187143736696446723813293942197096075893",
                    "164238930355821149871022389360426165860",
                    "327717555065096168191060962796201950705",
                    "288294457797168187934754749586048936509",
                    "151052489551114435308986337394479570459",
                    "213006275826760076516076958279528888219",
                    "22748492019790916104206250717897407969",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "16244480229490051662226600603476136641",
                    "307044815513582077165993042811738588826",
                    "262182975630621246209206463987280754057",
                    "340003719122539253473702446077555889163",
                    "150563184359254906168590771611801629189",
                    "306092578858770519986257278171310209807",
                    "20181567728655020568300040981209146032",
                    "288435753353998236815381509283233810709",
                    "120975947584594195072212574675430384303"
                ]
            },
            "id": "ASB-A-274231102-b914e0e6",
            "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "xmlregexp.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}