R Programming Language Vulnerability - 20240430003

Overview

A severe security vulnerability in the R programming language has been disclosed, which could be exploited by malicious actors to create a malicious RDS (R Data Serialization) file that results in arbitrary code execution when loaded and referenced.

What is vulnerable?

Product Affected	CVE	Severity	CVSS
The R Project All versions prior to 4.4.0	CVE-2024-27322	High	8.8

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

Additional References

• NVD - CVE-2024-27322 (nist.gov)
• Newly Discovered R Programming Language Vulnerability Could Lead to Supply Chain Attacks - VULNERA
• R Programming Language Exploit(zerosecurity.org)