CVE-2020-28163: 
NixOS vulnerability analysis and mitigation

CVE-2020-28163 affects libdwarf versions before 20201201. The vulnerability involves a NULL pointer dereference and application crash in the dwarfprintlines.c file when processing a DWARF5 line-table header that contains an invalid FORM for a pathname (NVD, CVE).

The vulnerability exists in the line table processing functionality of libdwarf, specifically in dwarfprintlines.c. When processing a DWARF5 line-table header with an invalid FORM for a pathname, the fifilename field for a file entry can be null, leading to a NULL pointer dereference when the code attempts to access this field. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can cause an application crash through a NULL pointer dereference. This primarily affects the availability of systems using the vulnerable libdwarf versions, as it can lead to denial of service conditions (NVD).

The vulnerability was fixed in libdwarf version 20201201. The fix involves adding proper validation for the fifilename field and implementing a string handling mechanism to avoid passing a null value to dwarfstring_append (Libdwarf Bug, GitHub Fix).