CVE-2023-47471: 
NixOS vulnerability analysis and mitigation

CVE-2023-47471 is a Buffer Overflow vulnerability discovered in strukturag libde265 version 1.10.12. The vulnerability was disclosed on November 15, 2023, and affects the slicesegmentheader function in the slice.cc component. The vulnerability received a CVSS v3.1 Base Score of 6.5 (Medium), indicating a moderate severity level (NVD).

The vulnerability exists in the slicesegmentheader function within the slice.cc component of libde265. It has a CVSS v3.1 vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating that it can be exploited remotely with low attack complexity, requires no privileges but does need user interaction, and can result in high impact on availability while maintaining unchanged scope (Ubuntu Security).

If successfully exploited, this vulnerability allows a local attacker to cause a denial of service through a buffer overflow attack. The vulnerability primarily affects the availability of the system, with no direct impact on confidentiality or integrity (NVD).

Multiple Linux distributions have released patches to address this vulnerability. Ubuntu has released updates for versions 23.10 (1.0.12-2ubuntu0.1), 22.04 LTS (1.0.8-1ubuntu0.3), 20.04 LTS (1.0.4-1ubuntu0.4), and other versions. Debian has also released fixes for various versions including bullseye (1.0.11-0+deb11u3) and bookworm (1.0.11-1+deb12u2) (Debian Security, Ubuntu Security Notice).