CVE-2021-41055: 
NixOS vulnerability analysis and mitigation

CVE-2021-41055 affects Gajim versions 1.2.x and 1.3.x before 1.3.3. The vulnerability was discovered in September 2021 and was fixed with the release of Gajim 1.3.3 in October 2021. This security issue affects the XMPP Last Message Correction (XEP-0308) functionality in multi-user chat environments (Gajim Issue, CVE Mitre).

The vulnerability occurs when processing XMPP Last Message Correction (XEP-0308) messages in multi-user chat where the message ID equals the correction ID. The issue stems from incorrect handling of repeating message IDs in MUC (Multi-User Chat), which leads to a key error in the conversation text view implementation. The root cause was identified in the message correction handling code where Gajim does not properly filter repeating message IDs in MUC, unlike its handling of regular messages (Gajim Issue).

When exploited, this vulnerability can cause Gajim to crash, leading to a denial of service condition. In some cases, the crash can be permanent, causing the application to crash immediately after connecting to the server due to downloading MUC history (Gajim Issue).

The vulnerability was fixed in Gajim version 1.3.3. Users are advised to upgrade to this version or later to mitigate the issue. The fix involves proper handling of repeating message IDs in MUC environments (Gajim Release).