
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2020-10675 is a vulnerability in the Delete function of the jsonparser Go library (package github.com/buger/jsonparser). It was identified and fixed in April 2020 and affects systems using vulnerable versions of the library (Fedora Update).
The vulnerability is an infinite loop in the library's Delete function. When specific malformed input is passed to Delete, the call never returns, which creates a denial of service condition. A proof of concept demonstrated the issue by passing certain malformed byte arrays to Delete, causing the program to hang (GitHub Issue).
The primary impact of this vulnerability is a denial of service condition. When exploited, the vulnerability can cause applications using the affected library to become unresponsive due to the infinite loop, potentially affecting system availability and resource utilization (Fedora Update).
The vulnerability was fixed in commit f7e751efca132eb5c767c4b0b20f68524ba89742. Users are advised to update to versions containing this fix. Fedora released security updates for both Fedora 31 (version 0-0.8.20200406gitf7e751e.fc31) and Fedora 32 (version 0-0.9.20200406gitf7e751e.fc32) to address this vulnerability (Fedora Update).
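For services that cannot take the fixed version immediately, the sketch below shows one interim guard around a Delete-shaped call: reject input that is not valid JSON before it reaches the parser, and bound how long the caller waits. It is an added example, not code from jsonparser or from this advisory; guardedDelete, deleteFunc, hangingDelete and okDelete are hypothetical names, and the stand-in functions are constructed so the example runs with the standard library only.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// deleteFunc has the same shape as jsonparser.Delete(data []byte, keys ...string) []byte.
type deleteFunc func(data []byte, keys ...string) []byte

var (
	errMalformed = errors.New("input is not valid JSON; refusing to call Delete")
	errTimeout   = errors.New("Delete did not return before the deadline")
)

// guardedDelete validates untrusted input and bounds how long the caller waits.
func guardedDelete(del deleteFunc, data []byte, limit time.Duration, keys ...string) ([]byte, error) {
	// Strict pre-check: malformed bytes never reach the lenient parser.
	if !json.Valid(data) {
		return nil, errMalformed
	}
	buf := append([]byte(nil), data...) // private copy in case the callee modifies its input
	done := make(chan []byte, 1)        // buffered so a late result does not block the worker
	go func() { done <- del(buf, keys...) }()
	select {
	case out := <-done:
		return out, nil
	case <-time.After(limit):
		// The worker goroutine cannot be killed; this only keeps the caller responsive.
		return nil, errTimeout
	}
}

// Constructed stand-ins for the library call (hypothetical, for demonstration only).
func hangingDelete(data []byte, keys ...string) []byte { select {} }
func okDelete(data []byte, keys ...string) []byte      { return []byte(`{}`) }

func main() {
	_, err := guardedDelete(hangingDelete, []byte(`{"a":`), time.Second, "a")
	fmt.Println("malformed:", err)
	_, err = guardedDelete(hangingDelete, []byte(`{"a":1}`), 50*time.Millisecond, "a")
	fmt.Println("hang:", err)
	out, err := guardedDelete(okDelete, []byte(`{"a":1}`), time.Second, "a")
	fmt.Println("ok:", string(out), err)
}
```

A timed-out call still leaves its goroutine running, so the deadline limits the impact on the caller but does not replace updating to a build that contains the fix.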
Source: This report was generated using AI