CVE-2023-40305: 
NixOS vulnerability analysis and mitigation

GNU indent version 2.2.13 contains a heap-based buffer overflow vulnerability (CVE-2023-40305) discovered in August 2023. The vulnerability exists in the search_brace function within indent.c, which can be triggered via a crafted file. This security issue affects the code formatting functionality of the GNU indent program (NVD, GNU Bug).

The vulnerability is classified with a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue manifests as a heap-based buffer overflow in the search_brace function, specifically at line 231 of indent.c. The vulnerability is triggered when processing specially crafted source files, and analysis revealed it involves buffer management issues in the code (NVD).

When exploited, this vulnerability can cause the GNU indent program to crash, resulting in a denial of service condition. Additionally, there is potential for arbitrary code execution if a user or automated system processes a maliciously crafted source file (Ubuntu Security).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has issued fixes for versions 23.04 (2.2.12-4ubuntu0.1), 22.04 LTS (2.2.12-1ubuntu0.22.04.1), and 20.04 LTS (2.2.12-1ubuntu0.20.04.1). Fedora has also released security updates for affected versions (Ubuntu Notice, Fedora Update).