CVE-2022-36227

2022-11-2202:15:11

Debian Security Bug Tracker

security-tracker.debian.org

149

libarchive

3.6.2

null pointer

dereference

calloc

error

code execution

unix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.005 Low

EPSS

Percentile

76.2%

JSON

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: “In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.”

OSVersionArchitecturePackageVersionFilename
Debian12alllibarchive< 3.6.2-1libarchive_3.6.2-1_all.deb
Debian11alllibarchive<= 3.4.3-2+deb11u1libarchive_3.4.3-2+deb11u1_all.deb
Debian10alllibarchive< 3.3.3-4+deb10u3libarchive_3.3.3-4+deb10u3_all.deb
Debian999alllibarchive< 3.6.2-1libarchive_3.6.2-1_all.deb
Debian13alllibarchive< 3.6.2-1libarchive_3.6.2-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libarchive	< 3.6.2-1	libarchive_3.6.2-1_all.deb
Debian	11	all	libarchive	<= 3.4.3-2+deb11u1	libarchive_3.4.3-2+deb11u1_all.deb
Debian	10	all	libarchive	< 3.3.3-4+deb10u3	libarchive_3.3.3-4+deb10u3_all.deb
Debian	999	all	libarchive	< 3.6.2-1	libarchive_3.6.2-1_all.deb
Debian	13	all	libarchive	< 3.6.2-1	libarchive_3.6.2-1_all.deb