CVE-2020-19724: 
NixOS vulnerability analysis and mitigation

A memory consumption issue was identified in the get_data function within binutils/nm.c in GNU nm before version 2.34. This vulnerability allows attackers to cause a denial of service through a crafted command (NVD, Ubuntu Security).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue stems from a memory leak in the get_data function, which can lead to memory exhaustion when processing certain inputs. The vulnerability is categorized as CWE-401 (Missing Release of Memory after Effective Lifetime) (NVD).

When exploited, this vulnerability can cause a denial of service through memory exhaustion, potentially affecting system availability. The impact is limited to availability with no direct effect on confidentiality or integrity of the system (Ubuntu Security Notice).

The vulnerability has been fixed in GNU binutils version 2.34 and later. For affected systems, updates are available through various distribution channels. Ubuntu has released fixes for affected versions: Ubuntu 18.04 (2.30-21ubuntu1~18.04.9+esm1), Ubuntu 16.04 (2.26.1-1ubuntu1~16.04.8+esm7), and Ubuntu 14.04 (2.24-5ubuntu14.2+esm3) (Ubuntu Security Notice).