CVE-2024-27322
EUVD-2024-2453229.04.2024, 13:15
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| r_project | r | 1.4.0 ≤ 𝑥 < 4.4.0 | ADP |
| r-project | r | 1.4.0 ≤ 𝑥 < 4.4.0 | ADP |
Debian Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| R |
| ||||
| R-core |
| ||||
| R-core-debuginfo |
| ||||
| R-core-devel |
| ||||
| R-debuginfo |
| ||||
| R-debugsource |
| ||||
| R-devel |
| ||||
| R-java |
| ||||
| R-java-devel |
| ||||
| libRmath |
| ||||
| libRmath-debuginfo |
| ||||
| libRmath-devel |
| ||||
| libRmath-static |
|
Azure Linux Releases
Common Weakness Enumeration
References