CVE-2016-8714

Published: 3/10/2017 Last updated: 8/6/2024 Reserved: 10/17/2016

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.

CNA assigner: talos (b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	7.5	High	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-r conf-r-mathlib

Products affected (1)

Product	Vendor	Version
R	The R Project	12.4(15)XY4

References (6)

http://www.securityfocus.com/bid/96785
http://www.debian.org/security/2017/dsa-3813
http://www.talosintelligence.com/reports/TALOS-2016-0227/
http://www.securityfocus.com/bid/96785
http://www.debian.org/security/2017/dsa-3813
http://www.talosintelligence.com/reports/TALOS-2016-0227/