CVE-2020-27793: 
NixOS vulnerability analysis and mitigation

CVE-2020-27793 is an off-by-one overflow vulnerability discovered in radare2, a reverse engineering framework. The vulnerability exists due to a mismatched array length in core_java.c file. This vulnerability affects radare2 versions up to (excluding) 4.4.0 (NVD).

The vulnerability stems from an off-by-one error (CWE-193) in the corejava.c file where the ENDCMDS value did not match the actual length of the JAVACMDS array. The issue was fixed by adjusting the loop condition from 'i < ENDCMDS' to 'i < END_CMDS - 1'. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (NVD, GitHub Commit).

When exploited, this vulnerability could allow an attacker to cause a crash of the application, resulting in a denial of service condition. The vulnerability affects the availability of the system while not impacting confidentiality or integrity (NVD).

The vulnerability was fixed in radare2 version 4.4.0. Users are recommended to upgrade to this version or later to mitigate the vulnerability. The fix involves correcting the array length comparison in core_java.c (GitHub Commit).