In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1336.0, "function_hash": "194289442730404476567257505472944491342" }, "id": "ASB-A-274231102-22de30eb", "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans2" }, "signature_type": "Function" }, { "digest": { "length": 4192.0, "function_hash": "286849544817418768335908216744020265449" }, "id": "ASB-A-274231102-2e4c85b4", "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlFAGenerateTransitions" }, "signature_type": "Function" }, { "digest": { "length": 1483.0, "function_hash": "320995382150417517862002393554507749409" }, "id": "ASB-A-274231102-65c40e3c", "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans2" }, "signature_type": "Function" }, { "digest": { "length": 881.0, "function_hash": "168991425808716676318447426641166953902" }, "id": "ASB-A-274231102-8e399a02", "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans" }, "signature_type": "Function" }, { "digest": { "length": 1028.0, "function_hash": "45312315292554977945286378268126194603" }, "id": "ASB-A-274231102-a7044e24", "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303" ] }, "id": "ASB-A-274231102-b4ed4579", "source": "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7" ], "spl": "2023-10-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303" ] }, "id": "ASB-A-274231102-2a277374", "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c" }, "signature_type": "Line" }, { "digest": { "length": 1315.0, "function_hash": "25374719156014082904346898533442674231" }, "id": "ASB-A-274231102-38b310bd", "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans2" }, "signature_type": "Function" }, { "digest": { "length": 4193.0, "function_hash": "24896819028198972162326686889226208718" }, "id": "ASB-A-274231102-4add74e9", "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlFAGenerateTransitions" }, "signature_type": "Function" }, { "digest": { "length": 1028.0, "function_hash": "45312315292554977945286378268126194603" }, "id": "ASB-A-274231102-7991e076", "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans" }, "signature_type": "Function" }, { "digest": { "length": 860.0, "function_hash": "73338815645371492332508725579366774982" }, "id": "ASB-A-274231102-ac962f02", "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans" }, "signature_type": "Function" }, { "digest": { "length": 1483.0, "function_hash": "320995382150417517862002393554507749409" }, "id": "ASB-A-274231102-ebc0b65a", "source": "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans2" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24" ], "spl": "2023-10-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1315.0, "function_hash": "25374719156014082904346898533442674231" }, "id": "ASB-A-274231102-1d2a1ddb", "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans2" }, "signature_type": "Function" }, { "digest": { "length": 1483.0, "function_hash": "320995382150417517862002393554507749409" }, "id": "ASB-A-274231102-27a80ac0", "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans2" }, "signature_type": "Function" }, { "digest": { "length": 4193.0, "function_hash": "24896819028198972162326686889226208718" }, "id": "ASB-A-274231102-4da17db8", "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlFAGenerateTransitions" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303" ] }, "id": "ASB-A-274231102-5a1a02b6", "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c" }, "signature_type": "Line" }, { "digest": { "length": 860.0, "function_hash": "73338815645371492332508725579366774982" }, "id": "ASB-A-274231102-869fe85a", "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans" }, "signature_type": "Function" }, { "digest": { "length": 1028.0, "function_hash": "45312315292554977945286378268126194603" }, "id": "ASB-A-274231102-cf0aa6b9", "source": "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a" ], "spl": "2023-10-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1028.0, "function_hash": "45312315292554977945286378268126194603" }, "id": "ASB-A-274231102-1a3c94fd", "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans" }, "signature_type": "Function" }, { "digest": { "length": 1483.0, "function_hash": "320995382150417517862002393554507749409" }, "id": "ASB-A-274231102-2d4eeb61", "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewCountTrans2" }, "signature_type": "Function" }, { "digest": { "length": 1315.0, "function_hash": "25374719156014082904346898533442674231" }, "id": "ASB-A-274231102-3c625362", "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans2" }, "signature_type": "Function" }, { "digest": { "length": 4193.0, "function_hash": "24896819028198972162326686889226208718" }, "id": "ASB-A-274231102-5eac66fe", "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlFAGenerateTransitions" }, "signature_type": "Function" }, { "digest": { "length": 860.0, "function_hash": "73338815645371492332508725579366774982" }, "id": "ASB-A-274231102-b8313cf0", "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c", "function": "xmlAutomataNewOnceTrans" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303" ] }, "id": "ASB-A-274231102-b914e0e6", "source": "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "deprecated": false, "signature_version": "v1", "target": { "file": "xmlregexp.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc" ], "spl": "2023-10-01", "severity": "High", "types": [ "EoP" ] }