
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-27943 is a vulnerability discovered in GNU GCC 11.2's libiberty/rust-demangle.c component, specifically affecting the demangle_const function. The vulnerability was reported on March 23, 2022, and allows for stack consumption that could lead to a denial of service condition. The issue affects various versions of GCC and related tools that use the libiberty component (NVD, MITRE).
The vulnerability exists in the demangle_const function within libiberty/rust-demangle.c, which can be triggered through the processing of specially crafted input, as demonstrated using the nm-new utility. The issue manifests as excessive stack consumption due to unbounded recursion in the demangling process. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (Ubuntu).
When exploited, this vulnerability can cause a denial of service condition through stack exhaustion. The impact is primarily on the availability of the affected system, with no direct effect on confidentiality or integrity. The vulnerability can be triggered when processing certain malformed input files that cause recursive calls in the demangle_const function (GCC Bugzilla).
The vulnerability was fixed in GCC 13.1.0 on July 1, 2022, with commit 9234cdca6ee that added a recursion limit to the demangle_const function in the Rust demangler. The fix was also backported to various distributions and versions. Users are advised to update to patched versions of the affected software (GCC Bugzilla).
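The kind of fix described above, a recursion limit in a recursive-descent parser, shown as an added example that is not GCC's code. The toy grammar, the MAX_DEPTH value and the names parse_item, parse_ok and check_nested are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Toy grammar constructed for this example: item := 'W' item | 'p' */
#define MAX_DEPTH 1024 /* assumed limit, not the value GCC uses */

struct parser {
    const char *in;
    size_t len, pos;
    unsigned depth; /* current nesting level */
    int errored;    /* sticky error flag */
};

/* Counts every nested call and rejects input that nests deeper than
 * MAX_DEPTH, so stack use no longer grows with the input length. */
static void parse_item(struct parser *p)
{
    if (p->pos >= p->len || ++p->depth > MAX_DEPTH) {
        p->errored = 1;
        return;
    }
    char c = p->in[p->pos++];
    if (c == 'W')
        parse_item(p); /* recursion driven by untrusted input */
    else if (c != 'p')
        p->errored = 1;
    p->depth--;
}

/* Returns 1 if s is exactly one valid item within the limit, else 0. */
int parse_ok(const char *s, size_t len)
{
    struct parser p = { s, len, 0, 0, 0 };
    parse_item(&p);
    return !p.errored && p.pos == len;
}

/* Parses n wrappers followed by a leaf; -1 if allocation fails. */
int check_nested(size_t n)
{
    char *buf = malloc(n + 1);
    if (!buf) return -1;
    memset(buf, 'W', n);
    buf[n] = 'p';
    int ok = parse_ok(buf, n + 1);
    free(buf);
    return ok;
}

int main(void) { return check_nested(10) == 1 && check_nested(5000000) == 0 ? 0 : 1; }
```

Without the depth check, the five-million-level input would need one stack frame per byte; with it, the parser returns an error after 1024 levels.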
Source: This report was generated using AI