Oval Definition:oval:org.opensuse.security:def:202236227
Revision Date:2023-06-22Version:1
Title:CVE-2022-36227
Description:

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2022-36227
SUSE CVE-2022-36227
SUSE-SU-2022:4202-1
SUSE-SU-2022:4209-1
SUSE-SU-2022:4296-1
Platform(s):openSUSE Leap Micro 5.3
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.3
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • openSUSE Leap Micro 5.3 is installed
  • AND Package Information
  • libarchive13-3.5.1-150400.3.12.1 is installed
  • AND libarchive13 is signed with openSUSE key
  • Definition Synopsis
  • SUSE Linux Enterprise Micro 5.3 is installed
  • AND libarchive13-3.5.1-150400.3.12.1 is installed
  • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND bsdtar-3.5.1-150400.3.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • libarchive-devel-3.5.1-150400.3.12.1 is installed
  • OR libarchive13-3.5.1-150400.3.12.1 is installed
  • BACK