2144972 – (CVE-2022-36227) CVE-2022-36227 libarchive: NULL pointer dereference in archive_write.c

Bug 2144972 (CVE-2022-36227) - CVE-2022-36227 libarchive: NULL pointer dereference in archive_write.c

Summary: CVE-2022-36227 libarchive: NULL pointer dereference in archive_write.c

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2022-36227
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2144973 2144974 2144975 2147362 2147363
Blocks:	2144976
TreeView+	depends on / blocked

Reported:	2022-11-22 20:01 UTC by Pedro Sampaio
Modified:	2024-03-18 17:46 UTC (History)
CC List:	40 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2023-05-17 00:51:37 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:2532	None	None	None	2023-05-09 07:56:51 UTC
Red Hat Product Errata	RHSA-2023:3018	None	None	None	2023-05-16 08:43:31 UTC
Red Hat Product Errata	RHSA-2024:0146	None	None	None	2024-01-10 13:22:38 UTC

Description Pedro Sampaio 2022-11-22 20:01:01 UTC

In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution.

Upstream patch:
https://github.com/libarchive/libarchive/commit/fd180c36036df7181a64931264732a10ad8cd024

Comment 1 Pedro Sampaio 2022-11-22 20:01:25 UTC

Created cmake3 tracking bugs for this issue:

Affects: epel-all [bug 2144973]


Created libarchive tracking bugs for this issue:

Affects: fedora-all [bug 2144974]


Created mingw-libarchive tracking bugs for this issue:

Affects: fedora-all [bug 2144975]

Comment 2 Guilherme de Almeida Suckevicz 2022-11-23 19:08:33 UTC

Reference:
https://github.com/libarchive/libarchive/issues/1754

Comment 5 errata-xmlrpc 2023-05-09 07:56:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2532 https://access.redhat.com/errata/RHSA-2023:2532

Comment 7 errata-xmlrpc 2023-05-16 08:43:29 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:3018 https://access.redhat.com/errata/RHSA-2023:3018

Comment 8 Product Security DevOps Team 2023-05-17 00:51:33 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-36227

Comment 10 errata-xmlrpc 2024-01-10 13:22:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0146 https://access.redhat.com/errata/RHSA-2024:0146

Note You need to log in before you can comment on or make changes to this bug.

acrosby
adudiak
aoconnor
bdettelb
caswilli
databases-maint
dffrench
dhalasz
dkuc
fjansen
gzaronik
hbraun
hkataria
ikanias
jary
jburrell
jkoehler
jmitchel
jtanner
jwon
kaycoth
kshier
ljavorsk
micjohns
mmuzila
ngough
pkubat
praiskup
rbobbitt
rgodfrey
rravi
stcannon
sthirugn
tcarlin
tfister
tohughes
vkrizan
vmugicag
yguenane
zmiklank