NULL Pointer Dereference Affecting libarchive package, versions <0:3.3.3-5.el8



    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    EPSS 0.37% (73rd percentile)
Expand this section
9.8 critical
Expand this section
Red Hat
5.9 medium
Expand this section
3.3 low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • published 16 May 2023
  • disclosed 22 Nov 2022

How to fix?

Upgrade Oracle:8 libarchive to version 0:3.3.3-5.el8 or higher.
This issue was patched in ELSA-2023-3018.

NVD Description

Note: Versions mentioned in the description apply only to the upstream libarchive package and not the libarchive package as distributed by Oracle. See How to fix? for Oracle:8 relevant fixed versions and status.

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."