CVE-2016-8714

EUVD-2016-9553
An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
talosCNA
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
r_projectr
3.3.0
r_projectr
3.3.2
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
r-base
bookworm
4.2.2.20221110-2
fixed
bullseye
4.0.4-1
fixed
sid
4.4.2-1
fixed
trixie
4.4.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
r-base
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
precise
ignored
trusty
Fixed 3.0.2-1ubuntu1.1~esm2
released
xenial
Fixed 3.2.3-4ubuntu0.1~esm3
released
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www.debian.org/security/2017/dsa-3813
http://www.securityfocus.com/bid/96785
http://www.talosintelligence.com/reports/TALOS-2016-0227/
http://www.debian.org/security/2017/dsa-3813
http://www.securityfocus.com/bid/96785
http://www.talosintelligence.com/reports/TALOS-2016-0227/