Commit d7413734 authored by Fabrice Fontaine, committed by Thomas Petazzoni

package/libarchive: fix CVE-2022-36227



In libarchive 3.6.1, the software does not check for an error after
calling calloc function that can return with a NULL pointer if the
function fails, which leads to a resultant NULL pointer dereference.
NOTE: the discoverer cites this CWE-476 remark but third parties dispute
the code-execution impact: "In rare circumstances, when NULL is
equivalent to the 0x0 memory address and privileged code can access it,
then writing or reading memory is possible, which may lead to code
execution."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
parent a34dcba9