home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/libarchive
History
Fabrice Fontaine 8bac160a21 package/libarchive: fix CVE-2022-36227 
In libarchive 3.6.1, the software does not check for an error after
calling calloc function that can return with a NULL pointer if the
function fails, which leads to a resultant NULL pointer dereference.
NOTE: the discoverer cites this CWE-476 remark but third parties dispute
the code-execution impact: "In rare circumstances, when NULL is
equivalent to the 0x0 memory address and privileged code can access it,
then writing or reading memory is possible, which may lead to code
execution."

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit d74137341d)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2022-12-07 14:36:08 +01:00
..
0001-libarchive-Handle-a-calloc-returning-NULL.patch package/libarchive: fix CVE-2022-36227 2022-12-07 14:36:08 +01:00
Config.in
libarchive.hash
libarchive.mk package/libarchive: fix CVE-2022-36227 2022-12-07 14:36:08 +01:00