CVE-2024-0962: 
NixOS vulnerability analysis and mitigation

A critical vulnerability was discovered in obgm libcoap version 4.3.4, identified as CVE-2024-0962. The vulnerability affects the get_split_entry function in the src/coap_oscore.c file of the Configuration File Handler component. This security flaw was disclosed on January 25, 2024, and has been assigned a CVSS v3.1 base score of 7.8 (High) (NVD).

The vulnerability is classified as a stack-based buffer overflow (CWE-787, CWE-121) that occurs in the handling of input files within the coap_new_oscore_conf() function. The issue manifests when processing OSCORE configuration information, particularly with DOS-formatted comments. The vulnerability has received a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access requirements with low attack complexity (NVD, GitHub Issue).

The exploitation of this vulnerability could lead to arbitrary code execution on affected installations. The high severity rating indicates potential significant impacts on system confidentiality, integrity, and availability. The buffer overflow condition could allow attackers to execute malicious code or cause system crashes (GitHub Issue).

A fix has been developed and merged into the libcoap repository. The patch addresses the vulnerability by improving the parsing of OSCORE configuration information, particularly handling DOS-formatted comments. Users are recommended to apply the available patch to mitigate this security issue (GitHub PR).