CVE
CVE-2022-36227
| CVE ID |
CVE-2022-36227
|
|---|---|
| CVSS Score |
9.8
|
| Operating System | |
| Affected Versions | |
| Patched Versions |
libarchive-3.1.2-14_ol002.el7
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
NVD Listing: NVD - CVE-2022-36227
- Backported patch to address CVE-2022-36227.
In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."