CVE-2020-2803: 
NixOS vulnerability analysis and mitigation

CVE-2020-2803 is a security vulnerability discovered in Java SE and Java SE Embedded that affects the boundary checks in the java.nio buffer classes. The vulnerability was disclosed in April 2020 as part of Oracle's Critical Patch Update. This difficult-to-exploit vulnerability allows unauthenticated attackers with network access to compromise Java SE through multiple protocols (Oracle CPU).

The vulnerability stems from incorrect boundary checks and type checks in the java.nio buffer classes within the Libraries component of OpenJDK, which could be bypassed in certain cases. The vulnerability has a CVSS v3.0 base score of 8.3 (HIGH) with the vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H, indicating it requires network access and user interaction to exploit (NVD).

Successful exploitation of this vulnerability could lead to unauthorized takeover of Java, allowing attackers to bypass sandbox restrictions causing unspecified impact. The vulnerability could potentially result in the unauthorized reading or modification of data accessible to the Java process (Red Hat CVE).

The vulnerability was patched in multiple Java versions: Java SE versions 7u251, 8u241, 11.0.6, and 14, as well as Java SE Embedded version 8u241. Users are strongly recommended to update to these or later versions. For systems that cannot be immediately updated, no specific workarounds were provided, making patching the primary mitigation strategy (Oracle CPU).