ALAS-2017-819

Metadata

medium
6.9
R
CVE-2017-8714
2017-04-20
2017-09-19 18:39
2017-09-13 06:37
2017-04-21 00:04

Description

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability. (CVE-2017-8714 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
libRmath libRmath-3.3.3-1.51.amzn1.x86_64
libRmath libRmath-3.3.3-1.51.amzn1.i686
libRmath-devel libRmath-devel-3.3.3-1.51.amzn1.i686
libRmath-devel libRmath-devel-3.3.3-1.51.amzn1.x86_64
libRmath-static libRmath-static-3.3.3-1.51.amzn1.x86_64
libRmath-static libRmath-static-3.3.3-1.51.amzn1.i686
R R-3.3.3-1.51.amzn1.src
R R-3.3.3-1.51.amzn1.x86_64
R R-3.3.3-1.51.amzn1.i686
R-core R-core-3.3.3-1.51.amzn1.i686
R-core R-core-3.3.3-1.51.amzn1.x86_64
R-core-devel R-core-devel-3.3.3-1.51.amzn1.i686
R-core-devel R-core-devel-3.3.3-1.51.amzn1.x86_64
R-debuginfo R-debuginfo-3.3.3-1.51.amzn1.x86_64
R-debuginfo R-debuginfo-3.3.3-1.51.amzn1.i686
R-devel R-devel-3.3.3-1.51.amzn1.i686
R-devel R-devel-3.3.3-1.51.amzn1.x86_64
R-java R-java-3.3.3-1.51.amzn1.x86_64
R-java R-java-3.3.3-1.51.amzn1.i686
R-java-devel R-java-devel-3.3.3-1.51.amzn1.x86_64
R-java-devel R-java-devel-3.3.3-1.51.amzn1.i686