CVE-2024-27322

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
Configurations

No configuration.

History

21 Nov 2024, 09:04

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2024/04/29/3 - () http://www.openwall.com/lists/oss-security/2024/04/29/3 -
References () https://hiddenlayer.com/research/r-bitrary-code-execution/ - () https://hiddenlayer.com/research/r-bitrary-code-execution/ -
References () https://https://kb.cert.org/vuls/id/238194 - () https://https://kb.cert.org/vuls/id/238194 -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/ -
References () https://www.kb.cert.org/vuls/id/238194 - () https://www.kb.cert.org/vuls/id/238194 -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/ -

01 May 2024, 17:15

Type Values Removed Values Added
Summary
  • (es) La deserialización de datos que no son de confianza puede ocurrir en el lenguaje de programación estadística R, en cualquier versión desde 1.4.0 hasta 4.4.0 incluida, lo que permite que un archivo con formato RDS (R Data Serialization) creado con fines malintencionados o un paquete R ejecute código arbitrario en el sistema de un usuario final cuando se interactúa con él.
References
  • () http://www.openwall.com/lists/oss-security/2024/04/29/3 -

29 Apr 2024, 21:15

Type Values Removed Values Added
References
  • () https://www.kb.cert.org/vuls/id/238194 -

29 Apr 2024, 20:15

Type Values Removed Values Added
References
  • () https://https://kb.cert.org/vuls/id/238194 -

29 Apr 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-29 13:15

Updated : 2024-11-21 09:04


NVD link : CVE-2024-27322

Mitre link : CVE-2024-27322

CVE.ORG link : CVE-2024-27322


JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data