CVE-2022-36227 : In libarchive before 3.6.2, the software does not check for an error after calli

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

Published 2022-11-22 02:15:11

Updated 2024-03-27 16:04:27

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2022-36227

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder
Versions from including (>=) 8.2.0 and before (<) 8.2.12
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder
Versions from including (>=) 9.0.0 and before (<) 9.0.6
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
Matching versions
Splunk » Universal Forwarder » Version: 9.1.0
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
Matching versions
Libarchive » Libarchive
Versions from including (>=) 3.0.0 and before (<) 3.6.2
cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-36227

EPSS FAQ

0.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-36227

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-36227

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-36227

https://bugs.gentoo.org/882521

882521 – (CVE-2022-36227) app-arch/libarchive: null pointer dereference
Issue Tracking;Patch;Third Party Advisory
https://github.com/libarchive/libarchive/blob/v3.0.0a/libarchive/archive_write.c#L215

libarchive/archive_write.c at v3.0.0a · libarchive/libarchive · GitHub
Third Party Advisory
https://security.gentoo.org/glsa/202309-14

libarchive: Multiple Vulnerabilities (GLSA 202309-14) — Gentoo security
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00034.html

[SECURITY] [DLA 3294-1] libarchive security update
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/

[SECURITY] Fedora 37 Update: libarchive-3.6.1-3.fc37 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory
https://github.com/libarchive/libarchive/issues/1754

There is a NULL pointer dereference vulnerability · Issue #1754 · libarchive/libarchive · GitHub
Issue Tracking;Patch;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V67OO2UUQAUJS3IK4JZPF6F3LUCBU6IS/

[SECURITY] Fedora 37 Update: libarchive-3.6.1-3.fc37 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-36227

Products affected by CVE-2022-36227

Exploit prediction scoring system (EPSS) score for CVE-2022-36227

CVSS scores for CVE-2022-36227

CWE ids for CVE-2022-36227

References for CVE-2022-36227