Severity
8.8 HIGH (NVD)
EPSS
0.8%
top 25.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 10
Latest update: May 13

Description

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

debian: debian/r-base < r-base 3.3.3-1 (bookworm)
NVD: r_project/r 3.3.0, 3.3.2 +1
CVEListV5: the_r_project/r 3.3.0, 3.3.2 +1

Also affects: Debian Linux 8.0

🔴 Vulnerability Details (2)

GHSA
GHSA-468j-7q62-ffj2: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3 (2022-05-13)
OSV
CVE-2016-8714: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3 (2017-03-10)

📋 Vendor Advisories (2)

Ubuntu
R vulnerability (2021-03-15)
Debian
CVE-2016-8714: r-base - An exploitable buffer overflow vulnerability exists in the LoadEncoding function... (2016)

🕵️ Threat Intelligence (1)

Talos
Vulnerability Spotlight: R - PDF LoadEncoding Code Execution Vulnerability (2017-03-09)

💬 Community (3)

Bugzilla
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality (2017-03-10)
Bugzilla
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [epel-all] (2017-03-10)
Bugzilla
CVE-2016-8714 R: Buffer overflow in the LoadEncoding functionality [fedora-all] (2017-03-10)