CVE-2021-42778: 
NixOS vulnerability analysis and mitigation

A heap double free vulnerability (CVE-2021-42778) was discovered in OpenSC before version 0.22.0, specifically in the scpkcs15free_tokeninfo function. The vulnerability was identified in October 2021 and affects multiple operating systems including Red Hat Enterprise Linux and Fedora (NVD, CVE).

The vulnerability is classified as a heap double free issue (CWE-415) with a CVSS v3.1 base score of 5.3 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. The issue specifically occurs in the scpkcs15free_tokeninfo function of OpenSC, which handles token information management (NVD).

The vulnerability affects system availability, with no direct impact on confidentiality or integrity. The CVSS scoring indicates that while the vulnerability can be exploited remotely with low attack complexity, it primarily affects system availability through potential crashes or service disruptions (NVD).

The vulnerability has been fixed in OpenSC version 0.22.0. Users are advised to upgrade to this version or later. For Gentoo users, the recommendation is to upgrade using the command 'emerge --ask --oneshot --verbose ">=dev-libs/opensc-0.22.0"'. The fix was implemented through a commit that modifies the handling of temporary variables (Gentoo Advisory, GitHub Commit).