Lucene search
RedHatRHSA-2024:0146HistoryJan 10, 2024 - 12:32 p.m.
(RHSA-2024:0146) Low: libarchive security update
2024-01-1012:32:17
access.redhat.com
17
libarchive
security update
null pointer dereference
streaming archive formats
gnu tar
cpio
iso 9660
cd-rom images
bsdtar
python-libarchive
desktop file managers
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0.008
Percentile
81.9%
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.
Security Fix(es):
- libarchive: NULL pointer dereference in archive_write.c (CVE-2022-36227)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 8 | s390x | libarchive-debuginfo | < 3.3.3-4.el8_6 | libarchive-debuginfo-3.3.3-4.el8_6.s390x.rpm |
| RedHat | 8 | aarch64 | bsdcpio-debuginfo | < 3.3.3-4.el8_6 | bsdcpio-debuginfo-3.3.3-4.el8_6.aarch64.rpm |
| RedHat | 8 | s390x | libarchive-debugsource | < 3.3.3-4.el8_6 | libarchive-debugsource-3.3.3-4.el8_6.s390x.rpm |
| RedHat | 8 | ppc64le | libarchive-debugsource | < 3.3.3-4.el8_6 | libarchive-debugsource-3.3.3-4.el8_6.ppc64le.rpm |
| RedHat | 8 | ppc64le | bsdcat-debuginfo | < 3.3.3-4.el8_6 | bsdcat-debuginfo-3.3.3-4.el8_6.ppc64le.rpm |
| RedHat | 8 | aarch64 | libarchive | < 3.3.3-4.el8_6 | libarchive-3.3.3-4.el8_6.aarch64.rpm |
| RedHat | 8 | i686 | libarchive-devel | < 3.3.3-4.el8_6 | libarchive-devel-3.3.3-4.el8_6.i686.rpm |
| RedHat | 8 | i686 | libarchive-debuginfo | < 3.3.3-4.el8_6 | libarchive-debuginfo-3.3.3-4.el8_6.i686.rpm |
| RedHat | 8 | x86_64 | bsdcpio-debuginfo | < 3.3.3-4.el8_6 | bsdcpio-debuginfo-3.3.3-4.el8_6.x86_64.rpm |
| RedHat | 8 | i686 | bsdcat-debuginfo | < 3.3.3-4.el8_6 | bsdcat-debuginfo-3.3.3-4.el8_6.i686.rpm |
Related
mageia
mageia
Updated libarchive packages fix security vulnerability
2022-12-14 01:09:19
nessus
nessus
Debian DLA-3294-1 : libarchive - LTS security update
2023-01-31 00:00:00
EulerOS Virtualization 2.9.0 : libarchive (EulerOS-SA-2023-1673)
2023-04-27 00:00:00
AlmaLinux 8 : libarchive (ALSA-2023:3018)
2023-05-20 00:00:00
oraclelinux
oraclelinux
libarchive security update
2023-05-15 00:00:00
libarchive security update
2023-05-24 00:00:00
gentoo
gentoo
libarchive: Multiple Vulnerabilities
2023-09-29 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0453)
2022-12-14 00:00:00
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2023-2154)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2023-1471)
2023-03-09 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-36227 affecting package libarchive 3.6.1-1
2022-12-06 23:44:35
CVE-2022-36227 affecting package libarchive for versions less than 3.6.1-2
2022-12-09 00:19:53
cvelist
cvelist
CVE-2022-36227
2022-11-22 00:00:00
nvd
nvd
CVE-2022-36227
2022-11-22 02:15:11
f5
f5
K000140954: libarchive vulnerability CVE-2022-36227
2024-09-05 00:00:00
osv
osv
libarchive - security update
2023-01-30 00:00:00
Low: libarchive security update
2023-05-09 00:00:00
CVE-2022-36227
2022-11-22 02:15:11
amazon
amazon
Low: libarchive
2023-09-27 22:49:00
Low: libarchive
2023-11-29 22:20:00
redhat
redhat
(RHSA-2023:2532) Low: libarchive security update
2023-05-09 05:13:22
(RHSA-2023:3018) Low: libarchive security update
2023-05-16 06:00:56
cgr
cgr
CVE-2022-36227 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2022-36227
2022-11-22 02:15:11
cnvd
cnvd
libarchive Code Execution Vulnerability
2022-11-24 00:00:00
A binary vulnerability exists in libarchive (CNVD-2022-90746)
2022-11-29 00:00:00
redos
redos
ROS-20221216-01
2022-12-16 00:00:00
redhatcve
redhatcve
CVE-2022-36227
2022-11-22 20:26:02
prion
prion
Null pointer dereference
2022-11-22 02:15:00
almalinux
almalinux
Low: libarchive security update
2023-05-09 00:00:00
Low: libarchive security update
2023-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2022-36227
2022-11-22 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: libarchive-3.6.1-3.fc37
2022-12-19 01:16:09
altlinux
altlinux
Security fix for the ALT Linux 10 package libarchive version 3.6.1-alt2
2022-12-12 00:00:00
veracode
veracode
NULL Pointer Dereference
2022-11-30 04:04:28
cve
cve
CVE-2022-36227
2022-11-22 02:15:11
ibm
ibm
debian
debian
[SECURITY] [DLA 3294-1] libarchive security update
2023-01-30 18:42:27
debiancve
debiancve
CVE-2022-36227
2022-11-22 02:15:11
wolfi
wolfi
CVE-2022-36227 vulnerabilities
2024-09-27 21:56:47
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0333
2023-02-14 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0532
2023-02-11 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0078
2023-08-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2205
2023-08-01 13:07:57
ics
ics
Siemens SCALANCE XCM-/XRM-300
2024-02-15 12:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0.008
Percentile
81.9%
Related for RHSA-2024:0146