CVE-2023-35992: 
NixOS vulnerability analysis and mitigation

An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. The vulnerability requires a victim to open a malicious file to trigger the exploitation (Talos Intel).

The vulnerability occurs in the fstReaderIterBlocks2 function when processing VCDATA elements. When handling signal_lens values, the code performs a multiplication (len * 4 + 1) to allocate the vesc buffer. Due to the 32-bit compilation environment, this multiplication can wrap around, leading to a smaller allocation than intended. The subsequent fstUtilityBinToEsc function writes beyond the allocated buffer size, causing heap buffer overflow. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 HIGH (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD).

The vulnerability could allow an attacker to cause memory corruption through heap buffer overflow, potentially leading to arbitrary code execution. Due to the multi-threaded nature of GTKWave, this could be leveraged for malicious purposes (Talos Intel).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are advised to upgrade to this version or later (Debian LTS).