CVE-2023-36864: 
NixOS vulnerability analysis and mitigation

An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability (Talos).

The vulnerability is tracked as CVE-2023-36864 and has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue occurs in the fstReaderIterBlocks2 function where an integer overflow in temp_signal_value_buf allocation can be triggered by manipulating signal_lens values. The vulnerability can be exploited by crafting a malicious .fst file that contains specific signal lens values, leading to a small buffer allocation followed by out-of-bounds writes in the heap (Talos).

If successfully exploited, this vulnerability allows an attacker to achieve arbitrary code execution on the target system. The attack requires user interaction, as the victim needs to open a specially crafted malicious file (Talos).

The vulnerability has been fixed in GTKWave version 3.3.118. Users are advised to upgrade to this version or later. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian which has released fixes in versions 3.3.104+really3.3.118-0+deb11u1 for bullseye and 3.3.118-0.1~deb12u1 for bookworm (Debian Security, Debian LTS).