Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

Mageia 8: MGASA-2022-0453 Critical: Libarchive NULL Pointer Dereference

mageia
Calendar Grey December 13, 2022
Dist Mageia Esm H88
The latest libarchive updates resolve critical vulnerabilities linked to NULL pointer dereferencing in Mageia 8. Announced in December 2022.
In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NU...

Summary

In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. (CVE-2022-36227)

References

- https://bugs.mageia.org/show_bug.cgi?id=31179

- https://lists.suse.com/pipermail/sle-security-updates/2022-November/013094.html

-

- https://www.cve.org/CVERecord?id=CVE-2022-36227

Resolution

SRPMS

- 8/core/libarchive-3.6.1-1.1.mga8

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 13 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0453.html
Type: security
CVE: CVE-2022-36227

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.