From 3cee012179b3482b1b50173953cbbc4c2ab24587 Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Sat, 18 Apr 2026 13:57:04 -0700
Subject: [PATCH] Improve GHSA-fjqv-vj6q-4fcm

---
 .../GHSA-fjqv-vj6q-4fcm.json                  | 28 +++++++++++++++----
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/advisories/unreviewed/2026/04/GHSA-fjqv-vj6q-4fcm/GHSA-fjqv-vj6q-4fcm.json b/advisories/unreviewed/2026/04/GHSA-fjqv-vj6q-4fcm/GHSA-fjqv-vj6q-4fcm.json
index e86230479f009..f1db43656aac7 100644
--- a/advisories/unreviewed/2026/04/GHSA-fjqv-vj6q-4fcm/GHSA-fjqv-vj6q-4fcm.json
+++ b/advisories/unreviewed/2026/04/GHSA-fjqv-vj6q-4fcm/GHSA-fjqv-vj6q-4fcm.json
@@ -1,19 +1,37 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-fjqv-vj6q-4fcm",
-  "modified": "2026-04-07T18:31:37Z",
+  "modified": "2026-04-07T18:31:45Z",
   "published": "2026-04-07T18:31:37Z",
   "aliases": [
     "CVE-2026-5745"
   ],
-  "details": "A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS).",
+  "summary": "Non-exploitable code flaw in libarchive",
+  "details": "A flaw was found in libarchive. A NULL pointer is incremented in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare \"d\" or \"default\" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. This is not exploitable, since the incremented pointer is not dereferenced.",
   "severity": [
     {
       "type": "CVSS_V3",
       "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"
     }
   ],
-  "affected": [],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": ""
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "type": "ADVISORY",
@@ -29,9 +47,7 @@
     }
   ],
   "database_specific": {
-    "cwe_ids": [
-      "CWE-476"
-    ],
+    "cwe_ids": [],
     "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,