CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
Issue Overview:
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with. (CVE-2024-27322)
Affected Packages:
R
Issue Correction:
Run yum update R to update your system.
New Packages:
i686:
libRmath-static-3.4.1-1.53.amzn1.i686
R-core-devel-3.4.1-1.53.amzn1.i686
R-devel-3.4.1-1.53.amzn1.i686
R-java-3.4.1-1.53.amzn1.i686
R-3.4.1-1.53.amzn1.i686
R-java-devel-3.4.1-1.53.amzn1.i686
R-core-3.4.1-1.53.amzn1.i686
libRmath-3.4.1-1.53.amzn1.i686
libRmath-devel-3.4.1-1.53.amzn1.i686
R-debuginfo-3.4.1-1.53.amzn1.i686
src:
R-3.4.1-1.53.amzn1.src
x86_64:
libRmath-static-3.4.1-1.53.amzn1.x86_64
libRmath-devel-3.4.1-1.53.amzn1.x86_64
R-3.4.1-1.53.amzn1.x86_64
R-devel-3.4.1-1.53.amzn1.x86_64
R-java-devel-3.4.1-1.53.amzn1.x86_64
R-java-3.4.1-1.53.amzn1.x86_64
R-core-3.4.1-1.53.amzn1.x86_64
R-core-devel-3.4.1-1.53.amzn1.x86_64
libRmath-3.4.1-1.53.amzn1.x86_64
R-debuginfo-3.4.1-1.53.amzn1.x86_64
Red Hat: CVE-2024-27322
Mitre: CVE-2024-27322
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | librmath-static | < 3.4.1-1.53.amzn1 | libRmath-static-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r-core-devel | < 3.4.1-1.53.amzn1 | R-core-devel-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r-devel | < 3.4.1-1.53.amzn1 | R-devel-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r-java | < 3.4.1-1.53.amzn1 | R-java-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r | < 3.4.1-1.53.amzn1 | R-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r-java-devel | < 3.4.1-1.53.amzn1 | R-java-devel-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r-core | < 3.4.1-1.53.amzn1 | R-core-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | librmath | < 3.4.1-1.53.amzn1 | libRmath-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | librmath-devel | < 3.4.1-1.53.amzn1 | libRmath-devel-3.4.1-1.53.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | r-debuginfo | < 3.4.1-1.53.amzn1 | R-debuginfo-3.4.1-1.53.amzn1.i686.rpm |