In libarchive before 3.6.2, the... CVE-2022-36227

- AV AC AU C I A
发布: 2022-11-22
修订: 2024-11-21

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

0%
暂无可用Exp或PoC
当前有7条受影响产品信息