How severe is CVE-2022-36227?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-36227?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2022-36227 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

Related Vulnerabilities

CVE-2014-8241

CRITICAL

CVSS:9.8(Critical)

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

CWE-4762014

CVE-2014-9972

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.

CWE-4762014

CVE-2015-0573

CRITICAL

CVSS:9.8(Critical)

drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows att...

CWE-4762015

CVE-2015-8592

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.

CWE-4762015

CVE-2015-8787

CRITICAL

CVSS:9.8(Critical)

The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or ...

CWE-4762015

CVE-2015-9038

CRITICAL

CVSS:9.8(Critical)

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.

CWE-4762015