CVE-2021-44847: 
NixOS vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability (CVE-2021-44847) was discovered in the handle_request function in DHT.c in toxcore versions 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12. The vulnerability is caused by an improper length calculation during the handling of received network packets (NVD).

The vulnerability stems from an improper calculation of crypto size in the handlerequest function, where CRYPTOSIZE is used in a subtraction as second argument. Due to operator precedence rules and missing braces, only '1' is subtracted instead of the intended value, leading to a stack-based buffer overflow (GitHub PR). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) (NVD).

The vulnerability allows remote attackers to crash the process or potentially execute arbitrary code via a network packet. The high CVSS score indicates that successful exploitation could lead to complete system compromise with no special privileges or user interaction required (NVD).

The vulnerability was fixed in toxcore version 0.2.13. Users are advised to upgrade to this version or later. The fix involves correcting the crypto size computation and adding proper braces around macro values (Fedora Update).