CVE-2019-14876: 
NixOS vulnerability analysis and mitigation

In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure (CENSUS Advisory, NVD).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) issue. The bug occurs in the __lshift function where Balloc is used to allocate memory for a big integer, but the code fails to verify if the allocation was successful. When memory allocation fails, subsequent access to b1 triggers a null pointer dereference. The vulnerability has a CVSS v3.1 Base Score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (NVD).

When exploited, this vulnerability can lead to a null pointer dereference, potentially causing a system crash or denial of service. On embedded systems where the Device Vector Table is mapped at address 0x0, reading from or writing to this address may leak interrupt handler addresses or allow overwriting of interrupt handlers (CENSUS Advisory).

Users are strongly advised to update to newlib version 3.3.0 or later, which includes patches for this vulnerability. When building the library, it's recommended to enable the newlib-reent-check-verify 'configure' option. For devices that cannot be updated, implementing memory protection for pages near the 0x0 address can help limit the implications of such attacks (CENSUS Advisory).