In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libarchive | Libarchive | 3.0.0 (including) | 3.6.2 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | libarchive-0:3.3.3-5.el8 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | libarchive-0:3.3.3-4.el8_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | libarchive-0:3.5.3-4.el9 | * |
| Red Hat Enterprise Linux 9 | RedHat | libarchive-0:3.5.3-4.el9 | * |
| Libarchive | Ubuntu | bionic | * |
| Libarchive | Ubuntu | esm-infra/bionic | * |
| Libarchive | Ubuntu | esm-infra/xenial | * |
| Libarchive | Ubuntu | focal | * |
| Libarchive | Ubuntu | jammy | * |
| Libarchive | Ubuntu | kinetic | * |
| Libarchive | Ubuntu | trusty | * |
| Libarchive | Ubuntu | trusty/esm | * |
| Libarchive | Ubuntu | upstream | * |
| Libarchive | Ubuntu | xenial | * |