CVE-2021-42614: 
NixOS vulnerability analysis and mitigation

A use-after-free vulnerability (CVE-2021-42614) was discovered in the infowidthinternal function in bk_info.c in Halibut version 1.2. The vulnerability allows an attacker to cause a segmentation fault or potentially have unspecified other impact by providing a crafted text document (NVD).

The vulnerability exists in the infowidthinternal function within bkinfo.c. The issue occurs due to improper memory management, specifically a use-after-free condition. The vulnerability can be triggered through a recursive call sequence involving infowidthinternal, infowidthinternallist, and infowidthxrefs functions. The CVSS v3.1 base score for this vulnerability is 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD, Halibut Case Study).

When successfully exploited, the vulnerability can lead to a segmentation fault in the application. The high CVSS score indicates potential severe impacts on confidentiality, integrity, and availability of the system, though specific impacts beyond the segmentation fault are not fully specified (NVD).

The vulnerability has been fixed in Halibut version 1.3. Users are advised to upgrade to this version or later. Fedora has released an update (halibut-1.3-3.fc35) to address this vulnerability along with related issues CVE-2021-42612 and CVE-2021-42613 (Fedora Update).