CVE-2023-21028: 
NixOS vulnerability analysis and mitigation

In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This vulnerability (CVE-2023-21028) affects Android-13 and was discovered in March 2023. The vulnerability could lead to remote information disclosure without requiring additional execution privileges or user interaction (Android Bulletin).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) with a CVSS v3.1 Base Score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The issue occurs in the parse_printerAttributes function of ipphelper.c where a string is processed without proper null-termination, leading to potential buffer overread (NVD).

The vulnerability can lead to remote information disclosure. An attacker could potentially access sensitive information without requiring additional execution privileges. The high CVSS score indicates significant potential impact on data confidentiality (NVD).

The vulnerability was addressed in the Android Security Bulletin for March 2023. Users should update their Android devices to the latest available security patch level to mitigate this vulnerability (Android Bulletin).