CVE-2016-8714

Published: Mar 10, 2017Modified: May 13, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this vulnerability.

Affected (3)

Products: R Project: R · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
R Project R	Version 3.3.0
R Project R	Version 3.3.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

http://www.debian.org/security/2017/dsa-3813

Source: talos-cna@cisco.com

Third Party Advisory

http://www.securityfocus.com/bid/96785

Source: talos-cna@cisco.com

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0227/

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

http://www.debian.org/security/2017/dsa-3813

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/96785

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0227/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.