CVE-2022-36227

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-36227

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36227.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-36227

Related

Published

2022-11-22T02:15:11Z

Modified

2024-12-05T15:33:18.601016Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

References

Affected packages

Alpine:v3.14 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.5.3-r1

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.3-r0

Alpine:v3.15 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r1

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

Alpine:v3.16 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r1

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

Alpine:v3.17 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r2

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

3.6.1-r1

Alpine:v3.18 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r2

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

3.6.1-r1

Alpine:v3.19 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r2

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

3.6.1-r1

Alpine:v3.20 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r2

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

3.6.1-r1

Alpine:v3.21 / libarchive

Package

Name: libarchive
Purl: pkg:apk/alpine/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-r2

Affected versions

2.*

2.8.4-r0

2.8.4-r1

2.8.4-r2

2.8.5-r0

3.*

3.0.2-r0

3.0.3-r0

3.0.4-r0

3.1.2-r0

3.1.2-r1

3.1.2-r2

3.2.0-r0

3.2.1-r0

3.2.1-r1

3.2.2-r0

3.2.2-r1

3.3.1-r0

3.3.1-r1

3.3.2-r0

3.3.2-r1

3.3.2-r2

3.3.2-r3

3.3.2-r4

3.3.3-r0

3.4.0-r0

3.4.1-r0

3.4.2-r0

3.4.3-r0

3.5.0-r0

3.5.1-r0

3.5.2-r0

3.5.2-r1

3.5.2-r2

3.6.0-r0

3.6.1-r0

3.6.1-r1

Debian:11 / libarchive

Package

Name: libarchive
Purl: pkg:deb/debian/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.3-2+deb11u2

Affected versions

3.*

3.4.3-2

3.4.3-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libarchive

Package

Name: libarchive
Purl: pkg:deb/debian/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libarchive

Package

Name: libarchive
Purl: pkg:deb/debian/libarchive?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libarchive/libarchive

Affected ranges

Type: GIT
Repo: https://github.com/libarchive/libarchive
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ba80276ccc3c941c4918ec6e2460059f0c525c43

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v3.*

v3.0.0a

v3.0.1b

v3.0.2

v3.0.3

v3.0.4

v3.1.0

v3.1.1

v3.1.2

v3.1.900a

v3.1.901a

v3.2.0

v3.2.1

v3.2.2

v3.3.0

v3.3.1

v3.3.2

v3.3.3

v3.4.0

v3.4.1

v3.4.2

v3.4.3

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1