CVE-2019-25656: R i386 Buffer Overflow - Code Execution
Platform: linux
Component: r-project
CVE-2019-25656 describes a local buffer overflow vulnerability found in R i386 version 3.5.0. This flaw allows a local attacker to trigger a structured exception handler (SEH) overwrite by crafting malicious input within the GUI Preferences dialog, specifically the 'Language for menus and messages' field. Successful exploitation could lead to arbitrary code execution, potentially granting an attacker control over the system. No official patch is currently available.
How to fix
Update to a fixed version of R i386 that addresses the buffer overflow vulnerability. See the R project website for more information on available updates: https://www.r-project.org/
Frequently asked questions
What is CVE-2019-25656?
CVE-2019-25656 is a buffer overflow vulnerability in R i386 version 3.5.0. It allows a local attacker to overwrite the SEH records by providing malicious input in the 'Language' field, potentially leading to code execution.
Am I affected by CVE-2019-25656?
You are potentially affected if you are running R i386 version 3.5.0. If you are not running this specific version, you are likely not vulnerable. However, always verify your system's software versions.
How can I fix or mitigate CVE-2019-25656?
A patch is available; update to a fixed version to mitigate this risk. However, no official patch is currently available.