Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 612214 (CVE-2016-8714) - <dev-lang/R-3.3.3: Buffer overflow in the LoadEncoding functionality
Summary: <dev-lang/R-3.3.3: Buffer overflow in the LoadEncoding functionality
Status: RESOLVED FIXED
Alias: CVE-2016-8714
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-10 16:24 UTC by Agostino Sarubbo
Modified: 2020-05-05 22:18 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-03-10 16:24:17 UTC
From ${URL} :

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker 
can send a malicious R script to trigger this vulnerability.

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0227/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-16 19:36:39 UTC
Tree seems clean now.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-05-05 22:18:09 UTC
noglsaing because very old.