CVE-2019-8720: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2019-8720) was discovered in WebKit, affecting WebKitGTK versions before 2.26.0 and WPE WebKit versions before 2.26.0. The vulnerability was discovered by Wen Xu of SSLab at Georgia Tech and was disclosed through WebKitGTK Security Advisory WSA-2019-0005 (WebKit Advisory).

The vulnerability is characterized by multiple memory corruption issues that occur when processing maliciously crafted web content. The flaw received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

When exploited, this vulnerability could lead to arbitrary code execution on affected systems. The vulnerability affects the confidentiality, integrity, and availability of the system, all rated as High according to the CVSS scoring (NVD).

The vulnerability was addressed by improving memory handling in WebKitGTK version 2.26.0 and later. Red Hat has released fixes through RHSA-2020:4035 for RHEL 7 and RHSA-2020:4451 for RHEL 8 (Red Hat Bugzilla). Users are advised to update to the latest stable versions of WebKitGTK and WPE WebKit to ensure system security.