CVE-2023-37279: 
NixOS vulnerability analysis and mitigation

CVE-2023-37279 affects Faktory, a language-agnostic persistent background job server, prior to version 1.8.0. The vulnerability exists in the Faktory web dashboard where a malicious URL query parameter 'days' can be exploited to cause a denial of service condition (GitHub Advisory).

The vulnerability stems from how the backend processes the 'days' URL query parameter in the Faktory web dashboard. The parameter value is used directly without validation to create a string slice, which when provided with a very large value, causes excessive memory consumption. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness has been categorized under CWE-770 (Allocation of Resources Without Limits or Throttling) and CWE-789 (Memory Allocation with Excessive Size Value) (GitHub Advisory, NVD).

The vulnerability can lead to server crashes affecting availability. Since the Faktory web dashboard does not require authorization, any entity with internet access to the dashboard can potentially exploit this vulnerability to conduct a Denial of Service (DoS) attack, disrupting service availability without any conditional barriers (GitHub Advisory).

The vulnerability has been fixed in Faktory version 1.8.0. Users should upgrade to this version or later to mitigate the risk (GitHub Advisory).