Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1024669: libarchive: CVE-2022-36227: Null pointer dereference in archive_write.c
20 views
Skip to first unread message
Salvatore Bonaccorso
Nov 22, 2022, 4:50:04 PM11/22/22
to
Source: libarchive
Version: 3.6.0-1
Severity: normal
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/issues/1754
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerability was published for libarchive, filling
downstream for tracking.
CVE-2022-36227[0]:
| In libarchive 3.6.1, the software does not check for an error after
| calling calloc function that can return with a NULL pointer if the
| function fails, which leads to a resultant NULL pointer dereference
| or, in some cases, even arbitrary code execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-36227
https://www.cve.org/CVERecord?id=CVE-2022-36227
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Version: 3.6.0-1
Severity: normal
Tags: security upstream
Forwarded: https://github.com/libarchive/libarchive/issues/1754
X-Debbugs-Cc: car...@debian.org, Debian Security Team <te...@security.debian.org>
Hi,
The following vulnerability was published for libarchive, filling
downstream for tracking.
CVE-2022-36227[0]:
| In libarchive 3.6.1, the software does not check for an error after
| calling calloc function that can return with a NULL pointer if the
| function fails, which leads to a resultant NULL pointer dereference
| or, in some cases, even arbitrary code execution.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-36227
https://www.cve.org/CVERecord?id=CVE-2022-36227
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
0 new messages