RockyLinux 8 : libarchive (RLSA-2023:3018)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3018 advisory. libarchive: NULL pointer dereference in archivewrite.c CVE-2022-36227 Tenable has extracted the preceding description block directly from the RockyLinux security...

MiracleLinux 8 : libarchive-3.3.3-5.el8 (AXSA:2023-5565:02)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5565:02 advisory. libarchive: NULL pointer dereference in archivewrite.c CVE-2022-36227 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 9 : libarchive-3.5.3-4.el9 (AXSA:2023-5392:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5392:01 advisory. libarchive: NULL pointer dereference in archivewrite.c CVE-2022-36227 Tenable has extracted the preceding description block directly from the MiracleLinux...

TencentOS Server 4: libarchive (TSSA-2025:0056)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0056 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

TencentOS Server 3: libarchive (TSSA-2023:0138)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0138 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0148: libarchive (ALINUX3-SA-2023:0148)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0148 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-36227: In libarchive before 3.6.2, the...

Advisory ROSA-SA-2025-2704

Software: libarchive 3.3.2003 OS: ROSA Virtualization 3.0 packageevrstring: libarchive-3.3.2003 CVE-ID: CVE-2022-36227 BDU-ID: 2022-07496 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the calloc function of the libarchive archiving library is related to pointer dereferencing errors...

Fedora 37 : libarchive (2022-e15be0091f)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-e15be0091f advisory. Fix for CVE-2022-36227 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

F5 Networks BIG-IP : libarchive vulnerability (K000140954)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000140954 advisory. In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return wit...

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2024-2277)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Photon OS 5.0: Libarchive PHSA-2023-5.0-0078

An update of the libarchive package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2023-5.0-0078. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CentOS 9 : libarchive-3.5.3-4.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libarchive-3.5.3-4.el9 build changelog. - In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the...

RHEL 8 : libarchive (RHSA-2024:0146)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0146 advisory. The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM...

Low: libarchive

Issue Overview: In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference or, in some cases, even arbitrary code execution. CVE-2022-36227 Affected...

Low: libarchive

Issue Overview: No CVE associated with this advisory Affected Packages: libarchive Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update libarchive or yum upda...

Amazon Linux 2 : libarchive (ALAS-2023-2279)

The version of libarchive installed on the remote host is prior to 3.1.2-14. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2279 advisory. In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer...

BELL-CVE-2022-36227 CVE-2022-36227 does not affect BellSoft software

Bulletin has no description...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libarchive (CVE-2022-36227)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in libarchive, caused by a NULL pointer dereference flaw due to not check for an error after calling calloc function CVE-2022-36227. libarchive is included as part of the Base OS used by o...

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2023-2427)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2023 : bsdcat, bsdcpio, bsdtar (ALAS2023-2023-246)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-246 advisory. In libarchive 3.6.1, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference...