Libarchive <3.6.2 NPE via calloc null ptr -> code exec risk
CVE-2022-36227 Published on November 22, 2022

In libarchive before 3.6.2, the software does not check for an error after calling the calloc function, which can return a NULL pointer if allocation fails; this leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark, but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
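The defect class described above (CWE-476 from an unchecked calloc) is easiest to see with the vulnerable pattern next to its hardened form. The following is an added illustration, not libarchive's own code: the allocator hook, the `client_state` struct and every function name here are assumptions made so that the out-of-memory path can be exercised without exhausting memory.

```c
#include <stdlib.h>
#include <stdio.h>

/* Hypothetical allocator hook (assumption, not a libarchive API): lets a
 * test force calloc to fail after a chosen number of successful calls. */
typedef void *(*alloc_fn)(size_t nmemb, size_t size);

static int alloc_budget = 0;   /* successful allocations remaining */

static void *budgeted_calloc(size_t nmemb, size_t size) {
    if (alloc_budget <= 0)
        return NULL;            /* simulated allocation failure */
    alloc_budget--;
    return calloc(nmemb, size);
}

/* Constructed stand-in for per-client state; not libarchive's layout. */
struct client_state {
    size_t buffer_size;
    char *buffer;
};

/* Vulnerable pattern (CWE-476): the calloc result is used without a check,
 * so an allocation failure becomes a write through a NULL pointer. */
static struct client_state *open_state_unchecked(alloc_fn alloc, size_t bufsize) {
    struct client_state *state = alloc(1, sizeof(*state));
    state->buffer_size = bufsize;           /* NULL write if alloc failed */
    state->buffer = alloc(1, bufsize);      /* same problem, unchecked */
    return state;
}

#define ALLOC_OK     0
#define ALLOC_FATAL (-1)

/* Hardened pattern: check every allocation, unwind partial state on failure,
 * and report an error code instead of continuing with a NULL pointer. */
static int open_state_checked(alloc_fn alloc, size_t bufsize, struct client_state **out) {
    struct client_state *state;
    *out = NULL;
    state = alloc(1, sizeof(*state));
    if (state == NULL)
        return ALLOC_FATAL;
    state->buffer_size = bufsize;
    state->buffer = alloc(1, bufsize);
    if (state->buffer == NULL) {
        free(state);                         /* release the half-built state */
        return ALLOC_FATAL;
    }
    *out = state;
    return ALLOC_OK;
}

static void close_state(struct client_state *state) {
    if (state == NULL)
        return;
    free(state->buffer);
    free(state);
}

/* Runs the checked open with a fixed allocation budget; returns -1 on
 * failure, otherwise the buffer size recorded in the opened state. */
static int probe(int budget, size_t bufsize) {
    struct client_state *s = NULL;
    int result;
    alloc_budget = budget;
    if (open_state_checked(budgeted_calloc, bufsize, &s) != ALLOC_OK)
        return -1;
    result = (int)s->buffer_size;
    close_state(s);
    return result;
}

int main(void) {
    /* The unchecked version is only safe to call with an allocator that succeeds. */
    struct client_state *s = open_state_unchecked(calloc, 64);
    close_state(s);
    printf("budget 0 -> %d\n", probe(0, 64));   /* first calloc fails   */
    printf("budget 1 -> %d\n", probe(1, 64));   /* second calloc fails  */
    printf("budget 2 -> %d\n", probe(2, 64));   /* both succeed -> 64   */
    return 0;
}
```

The budgeted allocator is the useful part for a reviewer: the same failure-injection idea (wrapping the allocator, or running under a fault-injecting malloc) is how an unchecked allocation like the one in this CVE is caught in testing rather than in the field.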

References: Vendor Advisory, NVD


Products Associated with CVE-2022-36227


Exploit Probability

EPSS: 0.42%
Percentile: 61.81%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.