CVE-2023-35784: 
NixOS vulnerability analysis and mitigation

CVE-2023-35784 is a critical security vulnerability discovered in LibreSSL and OpenBSD systems. The vulnerability involves a double free or use after free condition that could occur after SSL_clear operation in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3. Notably, OpenSSL is not affected by this vulnerability (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue stems from a missing pointer invalidation in the SSL handling code, specifically in the ssl3_free function where the verified_chain pointer wasn't being nullified after freeing (LibreSSL Release Notes).

Given the CRITICAL CVSS score of 9.8, this vulnerability presents severe security implications. The double free or use after free condition could potentially lead to memory corruption, which might result in program crashes or, in worst-case scenarios, arbitrary code execution (NVD).

Patches have been released to address this vulnerability. Users should upgrade to LibreSSL version 3.6.3 or later for the 3.6.x series, or to version 3.7.3 or later for the 3.7.x series. For OpenBSD users, patches are available through errata 026 for version 7.2 and errata 004 for version 7.3 (LibreSSL Release Notes, OpenBSD Patch).