Cyber Resilience

CVE-2022-36227

Critical

Published: 22 November 2022

Modified: 03 November 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0055 (68.4th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-36227 is a critical-severity NULL Pointer Dereference (CWE-476) vulnerability in Splunk Universal Forwarder. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 31.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

In libarchive before 3.6.2, the software does not check for an error after calling the calloc function, which can return a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor / Product: Versions
libarchive / libarchive: 3.0.0 — 3.6.2
debian / debian linux: 10.0
fedoraproject / fedora: 37
splunk / universal forwarder: 9.1.0 · 8.2.0 — 8.2.12 · 9.0.0 — 9.0.6

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References