A vulnerability has been discovered in R, which can lead to arbitrary code execution.
Package | dev-lang/R on all architectures |
---|---|
Affected versions | < 4.4.1 |
Unaffected versions | >= 4.4.1 |
R is a language and environment for statistical computing and graphics.
Deserialization of untrusted data can occur in the R statistical programming language, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.
Arbitrary code may be run when deserializing untrusted data.
There is no known workaround at this time.
All R users should upgrade to the latest version:
```
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/R-4.4.1"
```
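Since there is no workaround, the practical check is whether a host still runs a version in the affected range. The script below is an added example, not part of the advisory: it classifies the banner printed by `R --version` against the 4.4.1 boundary given above. The function names are hypothetical and the sample banners are constructed.

```shell
#!/bin/sh
# Added example: flag R installs in the advisory's affected range (< 4.4.1).
FIXED_VERSION="4.4.1"   # first unaffected version, per the advisory

# Pull "X.Y.Z" out of the first line of `R --version` output.
# Prints nothing for banners without a release number (e.g. development builds).
r_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^R version \([0-9][0-9.]*\).*/\1/p'
}

# Exit status: 0 = affected, 1 = unaffected, 2 = not a dotted numeric version.
r_is_affected() {
    case "$1" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    awk -v a="$1" -v b="$FIXED_VERSION" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0   # lower component: affected
            if ((x[i] + 0) > (y[i] + 0)) exit 1   # higher component: unaffected
        }
        exit 1                                    # equal to the fixed version
    }'
}

# Map a banner to "affected X.Y.Z", "unaffected X.Y.Z" or "unknown".
classify_r_banner() {
    v=$(r_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif r_is_affected "$v"; then
        echo "affected $v"
    else
        echo "unaffected $v"
    fi
}

# Constructed sample banners, so the script shows output without R installed.
classify_r_banner 'R version 4.3.2 (2023-10-31) -- "Eye Holes"'
classify_r_banner 'R Under development (unstable) (2024-05-01 r00000)'

# Check the local install when R is on PATH.
if command -v R >/dev/null 2>&1; then
    classify_r_banner "$(R --version 2>/dev/null)"
fi
```

An "unknown" result means the banner carried no release number and the build needs manual review.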
Release date
December 07, 2024
Latest revision
December 07, 2024: 1
Severity
high
Exploitable
local
Bugzilla entries