Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-36227

Опубликовано: 22 нояб. 2022
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 9.8

Описание

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

3.6.2-1ubuntu1
esm-infra-legacy/trusty

released

3.1.2-7ubuntu2.8+esm3
esm-infra/bionic

released

3.2.2-3.1ubuntu0.7+esm1
esm-infra/focal

released

3.4.0-2ubuntu1.3
esm-infra/xenial

released

3.1.2-11ubuntu0.16.04.8+esm1
focal

released

3.4.0-2ubuntu1.3
jammy

released

3.6.0-1ubuntu1.2
kinetic

ignored

end of life, was needed
lunar

not-affected

3.6.2-1ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%
0.00433
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-36227

CVSS3: 5.9
redhat
около 3 лет назад

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

nvd логотип

CVE-2022-36227

CVSS3: 9.8
nvd
почти 3 года назад

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

msrc логотип

CVE-2022-36227

CVSS3: 9.8
msrc
почти 3 года назад

Описание отсутствует

debian логотип

CVE-2022-36227

CVSS3: 9.8
debian
почти 3 года назад

In libarchive before 3.6.2, the software does not check for an error a ...

suse-cvrf логотип

SUSE-SU-2022:4296-1

suse-cvrf
почти 3 года назад

Security update for libarchive

EPSS

Процентиль: 62%
0.00433
Низкий

9.8 Critical

CVSS3