CVE-2022-48564: 
NixOS vulnerability analysis and mitigation

CVE-2022-48564 affects the read_ints function in plistlib.py in Python through version 3.9.1. The vulnerability was discovered in 2020 and publicly disclosed in August 2023. The issue affects Python's core plistlib library which supports Apple's binary plist format. When processing malformed Apple Property List files in binary format, the implementation can be vulnerable to a potential Denial of Service (DoS) attack (Python Bug Tracker, NVD).

The vulnerability exists in the read_ints function of plistlib.py where malformed input can force the creation of an argument to struct.unpack() that consumes excessive CPU and RAM resources until a MemError is thrown. When processing malicious input, the 'n' parameter can be controlled to be very large, causing the function to attempt building a string as long as 'n', leading to resource exhaustion. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD, Python Bug Tracker).

When successfully exploited, this vulnerability can lead to a Denial of Service (DoS) condition through CPU and RAM exhaustion. The attack can cause the system to consume excessive computational resources while processing malformed Apple Property List files, potentially making the system unresponsive (NetApp Advisory, NVD).

The vulnerability has been patched in multiple Python versions through various commits. Fixes include improved validation of Plist files and changes to the way format strings are handled in struct.unpack(). The fix was implemented across different Python versions including 3.10.0a2, 3.9.1rc1, 3.8.7rc1, 3.7.10, and 3.6.13 (Python Bug Tracker, Debian Security Tracker).