In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution.
No idea how a null pointer dereference could lead to code execution. Unreleased patch is:
The reporter alleges this can achieve code execution on platforms where privileged code actually reads from the 0x0 memory address. I don't know of that being the case anywhere Gentoo is supported.
The fix looks trivial-ish, so I'll just put it straight to stable.
The bug has been closed via the following commit(s):
Author: Meena Shanmugam <email@example.com>
AuthorDate: 2022-12-06 00:32:30 +0000
Commit: Michał Górny <firstname.lastname@example.org>
CommitDate: 2022-12-06 06:02:16 +0000
app-arch/libarchive: Add patch to fix CVE-2022-36227.
New version is not released in libarchive with the CVE-2022-36227 fix.
Signed-off-by: Meena Shanmugam <email@example.com>
Signed-off-by: Michał Górny <firstname.lastname@example.org>
.../files/libarchive-3.6.1-CVE-2022-36227.patch | 35 ++++++++++++++++++++++
...ive-3.6.1.ebuild => libarchive-3.6.1-r1.ebuild} | 2 ++
2 files changed, 37 insertions(+)
Sorry, didn't intend to close it.
Cleaned up now, anyway.
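The unchecked-calloc pattern described in the report, shown beside a checked form and exercised with a small allocation-failure harness. This is an added example, not libarchive's code or the patch from this bug; struct filter, test_calloc and the filter_alloc_* functions are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Fault injection (hypothetical helper): allocation number fail_at
 * (1-based) returns NULL, as calloc does when memory is exhausted. */
static int alloc_count, fail_at;
static void *test_calloc(size_t n, size_t sz) {
    if (++alloc_count == fail_at) return NULL;
    return calloc(n, sz);
}

struct filter { size_t buf_size; unsigned char *buf; };

/* Pattern from the report: the calloc result is used without a check.
 * If the first allocation fails, f->buf_size writes through NULL. */
static struct filter *filter_alloc_unchecked(size_t buf_size) {
    struct filter *f = test_calloc(1, sizeof(*f));
    f->buf_size = buf_size;
    f->buf = test_calloc(1, buf_size);
    return f;
}

/* Checked form: every allocation is tested, partial state is freed,
 * and the failure is reported to the caller as NULL. */
static struct filter *filter_alloc_checked(size_t buf_size) {
    struct filter *f = test_calloc(1, sizeof(*f));
    if (f == NULL) return NULL;
    f->buf_size = buf_size;
    f->buf = test_calloc(1, buf_size);
    if (f->buf == NULL) { free(f); return NULL; }
    return f;
}

/* Fail allocation n on the checked path. Returns 1 if the failure was
 * reported as NULL, 0 if an object came back (no allocation failed). */
static int checked_handles_failure_at(int n) {
    alloc_count = 0; fail_at = n;
    struct filter *f = filter_alloc_checked(64);
    int handled = (f == NULL);
    if (f) { free(f->buf); free(f); }
    fail_at = 0;
    return handled;
}

int main(void) {
    for (int n = 1; n <= 3; n++)
        printf("fail alloc #%d -> handled=%d\n", n, checked_handles_failure_at(n));
    struct filter *u = filter_alloc_unchecked(16); /* no failure injected here */
    free(u->buf); free(u);
    return 0;
}
```

Sweeping fail_at over every allocation index is a cheap way to confirm that each allocation site in a code path has an error branch.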