CVE-2022-28068: 
NixOS vulnerability analysis and mitigation

A heap buffer overflow vulnerability was identified in radare2 versions 5.4.2 and 5.4.0, specifically in the r_sleb128 function. The vulnerability was assigned identifier CVE-2022-28068 and was discovered in March 2022 (CVE Details).

The vulnerability is classified as a heap buffer overflow (CWE-787: Out-of-bounds Write) in the r_sleb128 function. The issue has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it is network exploitable with low attack complexity and requires no privileges or user interaction (NVD).

The heap buffer overflow vulnerability can lead to denial of service conditions and potentially allow attackers to cause system crashes. The high CVSS score indicates significant potential impact on system availability, though there are no direct impacts on confidentiality or integrity (NVD).

A fix for this vulnerability has been implemented and is available in the radare2 repository. The patch can be found in commit 637f4bd1af6752e28e0a9998e954e2e9ce6fa992, which addresses the out-of-bounds read crash in the DWARF parser (GitHub Patch).