CVE-2021-46168: 
NixOS vulnerability analysis and mitigation

Spin v6.5.1 was discovered to contain an out-of-bounds write vulnerability in the lex() function at spinlex.c. The vulnerability was disclosed on January 10, 2022 and assigned identifier CVE-2021-46168. The issue affects the Spin model checker software version 6.5.1 (NVD, MITRE).

The vulnerability stems from an out-of-bounds write in the lex() function within spinlex.c at line 1707. The issue occurs when processing curly braces, where the scopeseq array has a fixed size of 128 elements but the scopelevel counter can exceed this limit. When there are more than 128 opening braces '{', the scopelevel counter increases beyond the array bounds, leading to a buffer overflow. Additionally, if there are more closing braces '}' than opening ones, the scopelevel can become negative, causing writes to memory locations before the scope_seq array (GitHub Issue).

The vulnerability can lead to a segmentation fault and crash of the Spin application when processing malformed input files. This could result in denial of service conditions. Additionally, the out-of-bounds write could potentially corrupt memory and affect the integrity of the system (NVD).

Users should upgrade to a version of Spin newer than 6.5.1 that contains the fix for this vulnerability. No specific workarounds were documented for users who cannot upgrade (NVD).