CVE-2022-35020: 
NixOS vulnerability analysis and mitigation

CVE-2022-35020 is a security vulnerability discovered in Advancecomp version 2.3, identified on August 29, 2022. The vulnerability involves a heap buffer overflow condition in the component _interceptormemcpy at /sanitizercommon/sanitizercommon_interceptors.inc (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. This indicates a local attack vector with low attack complexity, requiring no privileges but user interaction, with unchanged scope and high impact on availability (NVD). The vulnerability is classified as CWE-787 (Out-of-bounds Write).

If successfully exploited, this vulnerability could allow an attacker to cause the application to crash, resulting in a denial of service condition. The vulnerability affects the availability of the system while having no direct impact on confidentiality or integrity (Ubuntu Security).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has released fixes across multiple versions: 22.10 (2.3-1ubuntu0.22.10.1), 22.04 LTS (2.1-2.1ubuntu2.1), 20.04 LTS (2.1-2.1ubuntu0.20.04.1), 18.04 LTS (2.1-1ubuntu0.18.04.3), and 16.04 LTS (1.20-1ubuntu0.2+esm2) (Ubuntu Security).