CVE-2016-8714

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talosCNA
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
r_projectr
3.3.0
r_projectr
3.3.2
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
r-base
bullseye
4.0.4-1
fixed
bookworm
4.2.2.20221110-2
fixed
trixie
4.4.1-3
fixed
sid
4.4.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
r-base
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 3.2.3-4ubuntu0.1~esm3
released
trusty
Fixed 3.0.2-1ubuntu1.1~esm2
released
precise
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2017/dsa-3813
http://www.securityfocus.com/bid/96785
http://www.talosintelligence.com/reports/TALOS-2016-0227/
http://www.debian.org/security/2017/dsa-3813
http://www.securityfocus.com/bid/96785
http://www.talosintelligence.com/reports/TALOS-2016-0227/