CVE-2023-40128
published 2023-10-27

Priority: P342
Severity: high, 7.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.10% (1.1th percentile)

In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected (13 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| platform | external_libxml2 | >= 11:0 < 11:2023-10-01 | 11:2023-10-01 |
| platform | external_libxml2 | >= 12:0 < 12:2023-10-01 | 12:2023-10-01 |
| platform | external_libxml2 | >= 12L:0 < 12L:2023-10-01 | 12L:2023-10-01 |
| platform | external_libxml2 | >= 13:0 < 13:2023-10-01 | 13:2023-10-01 |