all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

Add to bookmarks
April 29, 2024, 8:07 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS (R Data Serialization) format files and .rdx files. An attacker can create malicious RDS or .rdx formatted files to execute arbitrary commands on the victim's target device.


Description


R supports data serialization, which is the process of turning R objects and data into a format that can then …

arbitrary code arbitrary code execution attacker can code code execution data deserialization exploited files language programming programming language rds rdx serialization untrusted vulnerability vulnerable

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 2 weeks, 6 days ago | kb.cert.org
abuse access attacker baseboard management controller +17
VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 3 weeks ago | kb.cert.org
arbitrary code arbitrary code execution attacker can +15
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 month ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month, 1 week ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month, 1 week ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 2 weeks ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 2 months ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 2 months, 1 week ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months, 2 weeks ago | kb.cert.org
app attacks bluetooth called +11

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

PNT/NAVWAR Space Electronic Warfare Instructor II – Officer Training Course

@ Aleut Federal | Colorado Springs, Colorado, United States
View on infosec-jobs.com

Sr Director, Cybersecurity SIRT

@ Workday | USA, VA, McLean
View on infosec-jobs.com