CVE-2020-27794: 
NixOS vulnerability analysis and mitigation

A double free vulnerability was discovered in radare2's cmd_info.c:cmd_info() function. The vulnerability was assigned CVE-2020-27794 and affects versions prior to the fix. When successfully exploited, this vulnerability could lead to modification of unexpected memory locations and potentially cause system crashes (NVD).

The vulnerability occurs due to improper memory management in the cmd_info() function. Specifically, the issue arises when the core->table_query is freed multiple times: once in cmd_info.c and again in core.c's r_core_fini function, without properly nullifying the pointer after the first free operation. The vulnerability has been assigned a CVSS v3.1 score of 9.1 CRITICAL (NVD, GitHub Issue).

Successful exploitation of this vulnerability could allow attackers to modify unexpected memory locations and potentially cause system crashes. The double free condition could lead to memory corruption and potential denial of service conditions (NVD).

The vulnerability was fixed by replacing the direct free() call with R_FREE() macro in the core.c file, which ensures proper handling of the pointer after freeing. Users should upgrade to a patched version of radare2 that includes the fix implemented in commit cb8b683 (GitHub Commit).