{"id":"ASB-A-255449293","details":"In parserCreate of xmlparse.c, there is a possible use after free that could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-255449293","CVE-2022-43680"],"modified":"2026-03-11T06:25:33.212361Z","published":"2023-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/expat/+/2e02df8552fcfb0facd2d1e324b227190a73a7bb"}],"affected":[{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2023-02-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/expat/+/eb8f10fb1f4eb13c5a2ba1edbfd64b5f2a50ff4a"],"vanir_signatures":[{"target":{"function":"parserCreate","file":"lib/xmlparse.c"},"id":"ASB-A-255449293-34e3439f","deprecated":false,"digest":{"length":2638,"function_hash":"241864677999275664780112028235468015180"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/expat/+/eb8f10fb1f4eb13c5a2ba1edbfd64b5f2a50ff4a"},{"target":{"file":"lib/xmlparse.c"},"id":"ASB-A-255449293-4a995bdb","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["226920422708811604153776438321752425920","256028773478336621521363198644248115645","103238438290887398710675692008040585033","322242168469623392234752613650614084011"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/expat/+/eb8f10fb1f4eb13c5a2ba1edbfd64b5f2a50ff4a"}],"spl":"2023-02-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-255449293.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-02-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/expat/+/6944d3ebed0d631c92fdc31098e751b13dd110ba"],"vanir_signatures":[{"target":{"file":"lib/xmlparse.c"},"id":"ASB-A-255449293-6c6c442b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["226920422708811604153776438321752425920","256028773478336621521363198644248115645","103238438290887398710675692008040585033","322242168469623392234752613650614084011"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/expat/+/6944d3ebed0d631c92fdc31098e751b13dd110ba"},{"target":{"function":"parserCreate","file":"lib/xmlparse.c"},"id":"ASB-A-255449293-79a13a08","deprecated":false,"digest":{"length":2638,"function_hash":"241864677999275664780112028235468015180"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/expat/+/6944d3ebed0d631c92fdc31098e751b13dd110ba"}],"spl":"2023-02-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-255449293.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-02-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/expat/+/33765f82b29f6c1c5cecbbb8cf9dbd7327b3a93a"],"vanir_signatures":[{"target":{"function":"parserCreate","file":"lib/xmlparse.c"},"id":"ASB-A-255449293-51856fe7","deprecated":false,"digest":{"length":2638,"function_hash":"241864677999275664780112028235468015180"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/expat/+/33765f82b29f6c1c5cecbbb8cf9dbd7327b3a93a"},{"target":{"file":"lib/xmlparse.c"},"id":"ASB-A-255449293-f813a8a7","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["226920422708811604153776438321752425920","256028773478336621521363198644248115645","103238438290887398710675692008040585033","322242168469623392234752613650614084011"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/expat/+/33765f82b29f6c1c5cecbbb8cf9dbd7327b3a93a"}],"spl":"2023-02-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-255449293.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-02-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/expat/+/9b0f62fd0f75a5dd555e882b8f8bd2075723ea70"],"vanir_signatures":[{"target":{"file":"lib/xmlparse.c"},"id":"ASB-A-255449293-65cf5b47","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["226920422708811604153776438321752425920","256028773478336621521363198644248115645","103238438290887398710675692008040585033","322242168469623392234752613650614084011"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/expat/+/9b0f62fd0f75a5dd555e882b8f8bd2075723ea70"},{"target":{"function":"parserCreate","file":"lib/xmlparse.c"},"id":"ASB-A-255449293-7f0cb565","deprecated":false,"digest":{"length":2638,"function_hash":"241864677999275664780112028235468015180"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/expat/+/9b0f62fd0f75a5dd555e882b8f8bd2075723ea70"}],"spl":"2023-02-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-255449293.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-02-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/expat/+/63727cb0b8bdba580f5be48f7260e6e08fea5a5a"],"vanir_signatures":[{"target":{"function":"parserCreate","file":"lib/xmlparse.c"},"id":"ASB-A-255449293-0e9ebc85","deprecated":false,"digest":{"length":2628,"function_hash":"312759231179727010765375572738949972618"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/external/expat/+/63727cb0b8bdba580f5be48f7260e6e08fea5a5a"},{"target":{"file":"lib/xmlparse.c"},"id":"ASB-A-255449293-955c0572","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["226920422708811604153776438321752425920","256028773478336621521363198644248115645","103238438290887398710675692008040585033","322242168469623392234752613650614084011"]},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/external/expat/+/63727cb0b8bdba580f5be48f7260e6e08fea5a5a"}],"spl":"2023-02-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-255449293.json"}}],"schema_version":"1.7.5"}