
Cloud Vulnerability DB
A community-led vulnerabilities database
The Zephyr JSON decoder contains a vulnerability (CVE-2021-3510) in which array-of-array structures are decoded incorrectly. The issue affects Zephyr versions >= 1.14.0 and >= 2.5.0 and was discovered on June 20, 2020. It is triggered specifically when a descriptor is built with JSON_OBJ_DESCR_ARRAY_ARRAY, where the decoder mishandles the subarray's token type and the union member the subarray descriptor is assigned to (Zephyr Advisory).
The fault lies in the arr_parse function, which mishandles token types while walking an array: when the subarray carries the token type JSON_TOK_LIST_START, the subarray is wrongly assigned to the object part of the descriptor union. arr_parse then takes the offset of that array-object, treating it as relative to the parent object, and stores the subarray length at the wrong location, namely where the name pointer of the first element should be (Zephyr Advisory). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (High): attack vector Network, attack complexity Low, privileges required None, user interaction None (AttackerKB).
The impact is on availability; there is no direct effect on confidentiality or integrity. Because the decoder writes the subarray length to the wrong location, mishandled array-of-array input can result in a denial-of-service condition (Zephyr Advisory).
The vulnerability has been patched in several branches: fixed on master in version 2.7.0 (PR #36340) and fixed on v2.6.0 (PR #37816), with fixes pending for v2.5.0 and v1.14. Users are advised to upgrade to a patched version (Zephyr Advisory).
Source: This report was generated using AI