CVE-2022-36227: 
Splunk Forwarder vulnerability analysis and mitigation

CVE-2022-36227 is a vulnerability discovered in libarchive, a multi-format archive and compression library. The issue was disclosed in November 2022 and affects libarchive versions before 3.6.2. The vulnerability stems from the software not checking for an error after calling the calloc function, which can return a NULL pointer if the function fails (NVD, Ubuntu).

The vulnerability exists in the _archivewriteallocatefilter function within archive_write.c. The code fails to verify the return value of calloc(1, sizeof(*f)) before dereferencing the pointer, which can lead to a NULL pointer dereference. The vulnerability has been assigned a CVSS 3.1 base score of 9.8 (Critical) (Ubuntu, GitHub Issue).

The primary impact of this vulnerability is a potential denial of service condition through NULL pointer dereference. While initially there were concerns about possible code execution in specific circumstances (when NULL is equivalent to the 0x0 memory address and privileged code can access it), this impact was disputed by third parties (Ubuntu).

The recommended mitigation is to upgrade to libarchive version 3.6.2 or later which includes the fix for this vulnerability. Various Linux distributions have also released patched versions through their security updates. For example, Red Hat has addressed this in version 3.3.3-4.el8_6, and Ubuntu has fixed this in multiple versions across different releases (Red Hat, Debian).