Improve GHSA-fjqv-vj6q-4fcm

kientzle · kientzle · commit 3cee012179b3 · 2026-04-18T13:57:04.000-07:00
diff --git a/advisories/unreviewed/2026/04/GHSA-fjqv-vj6q-4fcm/GHSA-fjqv-vj6q-4fcm.json b/advisories/unreviewed/2026/04/GHSA-fjqv-vj6q-4fcm/GHSA-fjqv-vj6q-4fcm.json
@@ -1,19 +1,37 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fjqv-vj6q-4fcm",
-  "modified": "2026-04-07T18:31:37Z",
+  "modified": "2026-04-07T18:31:45Z",
   "published": "2026-04-07T18:31:37Z",
   "aliases": [
     "CVE-2026-5745"
   ],
-  "details": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
+  "summary": "Non-exploitable code flaw in libarchive",
+  "details": "A flaw was found in libarchive. A NULL pointer is incremented in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. This is not exploitable, since the incremented pointer is not dereferenced.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -29,9 +47,7 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [
-      "CWE-476"
-    ],
+    "cwe_ids": [],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
