
Cloud Vulnerability DB
A community-led vulnerabilities database
Liblouis 3.21.0 contains a security vulnerability identified as CVE-2022-31783, which was discovered in May 2022. The vulnerability is an out-of-bounds write in the compileRule function within compileTranslationTable.c, and it can be demonstrated using the lou_trace utility. Liblouis is a Braille translation and back-translation library used in various screen readers and assistive technology applications (CVE Details, Ubuntu Security).
The vulnerability is an invalid memory write in the compileRule function, specifically at line 3744 in compileTranslationTable.c. The issue occurs during the processing of sequence after expressions, where the code fails to properly validate input lengths against buffer sizes. The vulnerability has been assigned a CVSS 3.1 base score of 5.5 (Medium): the attack vector is Local, attack complexity is Low, no privileges are required, user interaction is required, and only availability is affected, with high impact (Ubuntu Security).
When exploited, this vulnerability could allow an attacker to execute arbitrary code or cause a system crash. The primary impact is on system availability, with no direct effect on confidentiality or integrity. The vulnerability requires user interaction to be exploited (Ubuntu Security Notice).
The vulnerability has been fixed in liblouis version 3.22.0. Various distributions have released patches for their respective versions: Ubuntu has fixed it in versions 3.20.0-2ubuntu0.1 (22.04 LTS), 3.18.0-1ubuntu0.2 (21.10), 3.12.0-3ubuntu0.1 (20.04 LTS), and 3.5.0-1ubuntu0.4 (18.04 LTS). Users are advised to update to the patched versions through their standard system update procedures (Ubuntu Security Notice, GitHub Commit).
Source: This report was generated using AI