
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-47629 is a vulnerability in Libksba, an X.509 and CMS support library, affecting versions before 1.6.3. It is an integer overflow in the CRL signature parser and was disclosed on December 20, 2022. Because Libksba is a dependency of many systems and applications, all of them are affected (NVD, Debian).
The vulnerability is classified as an integer overflow in the CRL (Certificate Revocation List) signature parser component of Libksba. It has a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (NVD). The overflow occurs while parsing ASN.1 objects and can lead to a buffer overflow (Gentoo).
Successful exploitation could lead to several severe consequences, including denial of service (DoS), disclosure of sensitive information, addition or modification of data, or potential execution of arbitrary code. The critical CVSS score reflects the potential for complete compromise of system confidentiality, integrity, and availability (NetApp, Debian).
The vulnerability is fixed in Libksba version 1.6.3, and users are strongly advised to upgrade to this version or later. The fix is a patch that addresses the integer overflow in the CRL signature parser (GnuPG). Distributions have also released security updates, including Debian (version 1.5.0-3+deb11u2 for bullseye) and Gentoo (Debian, Gentoo).
Source: This report was generated using AI