A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare d or default tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libarchive | Libarchive | - (including) | - (including) |
| Hardened_images | Redhat | - (including) | - (including) |
| Openshift_container_platform | Redhat | 4.0 (including) | 4.0 (including) |
| Enterprise_linux | Redhat | 6.0 (including) | 6.0 (including) |
| Enterprise_linux | Redhat | 7.0 (including) | 7.0 (including) |
| Enterprise_linux | Redhat | 8.0 (including) | 8.0 (including) |
| Enterprise_linux | Redhat | 9.0 (including) | 9.0 (including) |
| Enterprise_linux | Redhat | 10.0 (including) | 10.0 (including) |
| Red Hat Hardened Images | RedHat | libarchive-main-3.8.7-1.hum1 | * |
| Libarchive | Ubuntu | devel | * |
| Libarchive | Ubuntu | esm-infra-legacy/trusty | * |
| Libarchive | Ubuntu | esm-infra-legacy/xenial | * |
| Libarchive | Ubuntu | esm-infra/bionic | * |
| Libarchive | Ubuntu | esm-infra/focal | * |
| Libarchive | Ubuntu | esm-infra/xenial | * |
| Libarchive | Ubuntu | jammy | * |
| Libarchive | Ubuntu | noble | * |
| Libarchive | Ubuntu | questing | * |
| Libarchive | Ubuntu | resolute | * |