CVE-2023-21205: 
NixOS vulnerability analysis and mitigation

In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This vulnerability (CVE-2023-21205) affects Android 13 and was disclosed in June 2023. The vulnerability could lead to local information disclosure with no additional execution privileges needed and user interaction is not required for exploitation (Android Bulletin).

The vulnerability exists in the startWpsPinDisplayInternal function within sta_iface.cpp and is caused by unsafe deserialization that can lead to an out of bounds read condition. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 MEDIUM (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) (NVD).

If exploited, this vulnerability could lead to local information disclosure. The attack requires local access but does not need any additional execution privileges or user interaction. The impact is limited to confidentiality with no effect on integrity or availability of the system (NVD).

The vulnerability has been patched in the Android security update released in June 2023. Users should update their Android devices to the latest available security patch level to protect against this vulnerability (Android Bulletin).