CVE-2020-11958: 
NixOS vulnerability analysis and mitigation

re2c version 1.3, a tool for generating C-based recognizers from regular expressions, was found to contain a heap-based buffer overflow vulnerability in the Scanner::fill function within parse/scanner.cc. The vulnerability was discovered by Agostino Sarubbo on April 17, 2020, and was assigned CVE-2020-11958. The issue was promptly fixed by the upstream maintainers on the same day (Gentoo Blog).

The vulnerability is triggered when processing a specially crafted file containing a very long lexeme that doesn't fit into the buffer, forcing buffer reallocation. The crash was caused by an incorrect calculation of the shift offset, which was smaller than necessary. As a consequence, the data from buffer start and up to the beginning of the current lexeme was not discarded, resulting in less free space for new data than expected. The vulnerability has a CVSS 3.1 Base Score of 7.8 (High) (Ubuntu Security).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code or cause a Denial of Service condition. The heap buffer overflow could potentially lead to system compromise when processing maliciously crafted input files (Gentoo Security, Ubuntu USN).

The vulnerability was fixed in re2c version 2.0 through a commit that corrected the shift offset calculation. Users are advised to upgrade to version 1.3-r1 or later. For Ubuntu users, updates were released for Ubuntu 19.10 (version 1.2.1-1ubuntu0.1) and Ubuntu 20.04 LTS (version 1.3-1ubuntu0.1) (Github Commit, Ubuntu USN).