CVE-2023-40128
published 2023-10-27CVE-2023-40128: In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege…
PriorityP342high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.10%
1.1th percentile
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| android | — | — | |
| platform | external_libxml2 | >= 11:0 < 11:2023-10-01 | 11:2023-10-01 |
| platform | external_libxml2 | >= 12:0 < 12:2023-10-01 | 12:2023-10-01 |
| platform | external_libxml2 | >= 12L:0 < 12L:2023-10-01 | 12L:2023-10-01 |
| platform | external_libxml2 | >= 13:0 < 13:2023-10-01 | 13:2023-10-01 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2023-40128: Android Security Bulletin 2023-10-01
CVE: CVE-2023-40128
Severity: HIGH
Type: EoP
Affected AOSP versions: 11, 12, 12L, 13
References: A-274231102
vendor_android·2023-10-01·CVSS 7.8
CVE-2023-40128 [HIGH] CVE-2023-40128: Android Security Bulletin 2023-10-01
CVE: CVE-2023-40128
Severity: HIGH
Type: EoP
Affected AOSP versions: 11, 12, 12L, 13
References: A-274231102
Android Security Bulletin 2023-10-01
CVE: CVE-2023-40128
Severity: HIGH
Type: EoP
Affected AOSP versions: 11, 12, 12L, 13
References: A-274231102
GHSA
GHSA-pjgc-q78w-v6ph: In several functions of xmlregexp
ghsa_unreviewed·2023-10-27
CVE-2023-40128 [HIGH] CWE-787 GHSA-pjgc-q78w-v6ph: In several functions of xmlregexp
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
OSV
CVE-2023-40128: In several functions of xmlregexp
osv·2023-10-01
CVE-2023-40128 CVE-2023-40128: In several functions of xmlregexp
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7https://source.android.com/security/bulletin/2023-10-01https://android.googlesource.com/platform/external/libxml2/+/1ccf89b87a3969edd56956e2d447f896037c8be7https://source.android.com/security/bulletin/2023-10-01
2023-10-27
Published