{"id":"ASB-A-274231102", "published":"2023-10-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-40128", "A-274231102"], "details":"In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/libxml2", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"286849544817418768335908216744020265449", "length":4192}, "id":"ASB-A-274231102-9a2724a6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "target":{"file":"xmlregexp.c", "function":"xmlFAGenerateTransitions"}}, {"deprecated":false, "digest":{"line_hashes":["19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303"], "threshold":0.9}, "id":"ASB-A-274231102-9b984df5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "target":{"file":"xmlregexp.c"}}, {"deprecated":false, "digest":{"function_hash":"45312315292554977945286378268126194603", "length":1028}, "id":"ASB-A-274231102-9cd53a19", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans"}}, {"deprecated":false, "digest":{"function_hash":"320995382150417517862002393554507749409", "length":1483}, "id":"ASB-A-274231102-c55f1260", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans2"}}, {"deprecated":false, "digest":{"function_hash":"168991425808716676318447426641166953902", "length":881}, "id":"ASB-A-274231102-dacbfb06", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans"}}, {"deprecated":false, "digest":{"function_hash":"194289442730404476567257505472944491342", "length":1336}, "id":"ASB-A-274231102-eeca2513", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/381160fc2a293d50a627c9e35bb34485bf97b6e7", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans2"}}]}}, {"package":{"name":"platform/external/libxml2", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303"], "threshold":0.9}, "id":"ASB-A-274231102-20796487", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "target":{"file":"xmlregexp.c"}}, {"deprecated":false, "digest":{"function_hash":"45312315292554977945286378268126194603", "length":1028}, "id":"ASB-A-274231102-222e01e4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans"}}, {"deprecated":false, "digest":{"function_hash":"320995382150417517862002393554507749409", "length":1483}, "id":"ASB-A-274231102-5f3bf677", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans2"}}, {"deprecated":false, "digest":{"function_hash":"73338815645371492332508725579366774982", "length":860}, "id":"ASB-A-274231102-b1028d23", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans"}}, {"deprecated":false, "digest":{"function_hash":"24896819028198972162326686889226208718", "length":4193}, "id":"ASB-A-274231102-c347fcdd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "target":{"file":"xmlregexp.c", "function":"xmlFAGenerateTransitions"}}, {"deprecated":false, "digest":{"function_hash":"25374719156014082904346898533442674231", "length":1315}, "id":"ASB-A-274231102-eed3ed7f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/761198eaee09f721452adfefa92b9a6c9b875f24", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans2"}}]}}, {"package":{"name":"platform/external/libxml2", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"45312315292554977945286378268126194603", "length":1028}, "id":"ASB-A-274231102-0f1eecdf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans"}}, {"deprecated":false, "digest":{"function_hash":"73338815645371492332508725579366774982", "length":860}, "id":"ASB-A-274231102-3f189db3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans"}}, {"deprecated":false, "digest":{"line_hashes":["19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303"], "threshold":0.9}, "id":"ASB-A-274231102-6e8ab020", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "target":{"file":"xmlregexp.c"}}, {"deprecated":false, "digest":{"function_hash":"24896819028198972162326686889226208718", "length":4193}, "id":"ASB-A-274231102-d978d337", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "target":{"file":"xmlregexp.c", "function":"xmlFAGenerateTransitions"}}, {"deprecated":false, "digest":{"function_hash":"25374719156014082904346898533442674231", "length":1315}, "id":"ASB-A-274231102-f11c4af1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans2"}}, {"deprecated":false, "digest":{"function_hash":"320995382150417517862002393554507749409", "length":1483}, "id":"ASB-A-274231102-fe8fbaee", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/19e6d50dbabcfbbb53f5410c19ea5613e0a8ad7a", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans2"}}]}}, {"package":{"name":"platform/external/libxml2", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["19425799061210353593077284545013811363", "5907603357197868905669115033062480205", "37650081241679653630269798644214843044", "230570562004109944517098004816911128269", "251770770304899036841109856180359482455", "304698920401754550621011024863766267122", "32026019354401868928204667467178777430", "169754711938011847781472798512900816415", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "178020714517195066202660648075087089950", "243219486569140842104847391148576644862", "187143736696446723813293942197096075893", "164238930355821149871022389360426165860", "327717555065096168191060962796201950705", "288294457797168187934754749586048936509", "151052489551114435308986337394479570459", "213006275826760076516076958279528888219", "22748492019790916104206250717897407969", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "16244480229490051662226600603476136641", "307044815513582077165993042811738588826", "262182975630621246209206463987280754057", "340003719122539253473702446077555889163", "150563184359254906168590771611801629189", "306092578858770519986257278171310209807", "20181567728655020568300040981209146032", "288435753353998236815381509283233810709", "120975947584594195072212574675430384303"], "threshold":0.9}, "id":"ASB-A-274231102-14d2204b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "target":{"file":"xmlregexp.c"}}, {"deprecated":false, "digest":{"function_hash":"25374719156014082904346898533442674231", "length":1315}, "id":"ASB-A-274231102-583097df", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans2"}}, {"deprecated":false, "digest":{"function_hash":"24896819028198972162326686889226208718", "length":4193}, "id":"ASB-A-274231102-61311bae", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "target":{"file":"xmlregexp.c", "function":"xmlFAGenerateTransitions"}}, {"deprecated":false, "digest":{"function_hash":"320995382150417517862002393554507749409", "length":1483}, "id":"ASB-A-274231102-6bde39d1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans2"}}, {"deprecated":false, "digest":{"function_hash":"73338815645371492332508725579366774982", "length":860}, "id":"ASB-A-274231102-8dff873b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewOnceTrans"}}, {"deprecated":false, "digest":{"function_hash":"45312315292554977945286378268126194603", "length":1028}, "id":"ASB-A-274231102-c4a6ba49", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/libxml2/+/0e6ed17dfe8e36e5618a592a600720bd61e015cc", "target":{"file":"xmlregexp.c", "function":"xmlAutomataNewCountTrans"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7"}]}