CVE-2022-36227

moderate-risk
Published 2022-11-22

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

Do I need to act?

-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: ba80276ccc3c941c4918ec6e2460059f0c525c43
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (5)

Affected Vendors

Debian Fedoraproject Splunk Libarchive

References (13)

Issue Tracking https://bugs.gentoo.org/882521
Third Party Advisory https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c...
Issue Tracking https://github.com/libarchive/libarchive/issues/1754
Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.gentoo.org/glsa/202309-14
Issue Tracking https://bugs.gentoo.org/882521
Third Party Advisory https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c...
Issue Tracking https://github.com/libarchive/libarchive/issues/1754
Third Party Advisory https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00007.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://security.gentoo.org/glsa/202309-14
46
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 12/34 · Low