UBUNTU-CVE-2022-36227

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-36227

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-36227.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-36227

Related

Published

2022-11-22T02:15:00Z

Modified

2024-10-17T08:30:53Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

References

Affected packages

Ubuntu:Pro:14.04:LTS / libarchive

Package

Name: libarchive
Purl: pkg:deb/ubuntu/libarchive?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-7ubuntu2.8+esm3

Affected versions

3.*

3.1.2-5ubuntu1

3.1.2-7ubuntu1

3.1.2-7ubuntu2

3.1.2-7ubuntu2.1

3.1.2-7ubuntu2.2

3.1.2-7ubuntu2.3

3.1.2-7ubuntu2.4

3.1.2-7ubuntu2.6

3.1.2-7ubuntu2.7

3.1.2-7ubuntu2.8

3.1.2-7ubuntu2.8+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "bsdcpio"
        },
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "bsdcpio-dbgsym"
        },
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "bsdtar"
        },
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "bsdtar-dbgsym"
        },
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "libarchive-dev"
        },
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "libarchive13"
        },
        {
            "binary_version": "3.1.2-7ubuntu2.8+esm3",
            "binary_name": "libarchive13-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / libarchive

Package

Name: libarchive
Purl: pkg:deb/ubuntu/libarchive?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.2-11ubuntu0.16.04.8+esm1

Affected versions

3.*

3.1.2-11build1

3.1.2-11ubuntu0.16.04.1

3.1.2-11ubuntu0.16.04.2

3.1.2-11ubuntu0.16.04.3

3.1.2-11ubuntu0.16.04.4

3.1.2-11ubuntu0.16.04.5

3.1.2-11ubuntu0.16.04.6

3.1.2-11ubuntu0.16.04.7

3.1.2-11ubuntu0.16.04.8

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "bsdcpio"
        },
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "bsdcpio-dbgsym"
        },
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "bsdtar"
        },
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "bsdtar-dbgsym"
        },
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "libarchive-dev"
        },
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "libarchive13"
        },
        {
            "binary_version": "3.1.2-11ubuntu0.16.04.8+esm1",
            "binary_name": "libarchive13-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / libarchive

Package

Name: libarchive
Purl: pkg:deb/ubuntu/libarchive?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.2.2-3.1ubuntu0.7+esm1

Affected versions

3.*

3.2.2-3.1

3.2.2-3.1ubuntu0.1

3.2.2-3.1ubuntu0.2

3.2.2-3.1ubuntu0.3

3.2.2-3.1ubuntu0.4

3.2.2-3.1ubuntu0.5

3.2.2-3.1ubuntu0.6

3.2.2-3.1ubuntu0.7

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "bsdcpio"
        },
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "bsdtar"
        },
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "libarchive-dev"
        },
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "libarchive-tools"
        },
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "libarchive-tools-dbgsym"
        },
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "libarchive13"
        },
        {
            "binary_version": "3.2.2-3.1ubuntu0.7+esm1",
            "binary_name": "libarchive13-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / libarchive

Package

Name: libarchive
Purl: pkg:deb/ubuntu/libarchive?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.0-2ubuntu1.3

Affected versions

3.*

3.4.0-1

3.4.0-1build1

3.4.0-1ubuntu2

3.4.0-2ubuntu1

3.4.0-2ubuntu1.1

3.4.0-2ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.4.0-2ubuntu1.3",
            "binary_name": "libarchive-dev"
        },
        {
            "binary_version": "3.4.0-2ubuntu1.3",
            "binary_name": "libarchive-tools"
        },
        {
            "binary_version": "3.4.0-2ubuntu1.3",
            "binary_name": "libarchive-tools-dbgsym"
        },
        {
            "binary_version": "3.4.0-2ubuntu1.3",
            "binary_name": "libarchive13"
        },
        {
            "binary_version": "3.4.0-2ubuntu1.3",
            "binary_name": "libarchive13-dbgsym"
        }
    ]
}

Ubuntu:22.04:LTS / libarchive

Package

Name: libarchive
Purl: pkg:deb/ubuntu/libarchive?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.0-1ubuntu1.2

Affected versions

3.*

3.4.3-2

3.4.3-2build1

3.5.2-1

3.5.2-1ubuntu1

3.6.0-1ubuntu1

3.6.0-1ubuntu1.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.6.0-1ubuntu1.2",
            "binary_name": "libarchive-dev"
        },
        {
            "binary_version": "3.6.0-1ubuntu1.2",
            "binary_name": "libarchive-tools"
        },
        {
            "binary_version": "3.6.0-1ubuntu1.2",
            "binary_name": "libarchive-tools-dbgsym"
        },
        {
            "binary_version": "3.6.0-1ubuntu1.2",
            "binary_name": "libarchive13"
        },
        {
            "binary_version": "3.6.0-1ubuntu1.2",
            "binary_name": "libarchive13-dbgsym"
        }
    ]
}

Ubuntu:24.04:LTS / libarchive

Package

Name: libarchive
Purl: pkg:deb/ubuntu/libarchive?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "3.6.2-1ubuntu1",
            "binary_name": "libarchive-dev"
        },
        {
            "binary_version": "3.6.2-1ubuntu1",
            "binary_name": "libarchive-tools"
        },
        {
            "binary_version": "3.6.2-1ubuntu1",
            "binary_name": "libarchive-tools-dbgsym"
        },
        {
            "binary_version": "3.6.2-1ubuntu1",
            "binary_name": "libarchive13"
        },
        {
            "binary_version": "3.6.2-1ubuntu1",
            "binary_name": "libarchive13-dbgsym"
        }
    ]
}