RSEC-2023-2

Import Source: https://github.com/RConsortium/r-advisory-database/blob/main/vulns/readxl/RSEC-2023-2.yaml
JSON Data: https://api.osv.dev/v1/vulns/RSEC-2023-2
Published: 2023-07-13T02:46:57.600Z
Modified: 2023-10-20T07:27:00.600Z
Summary
Denial of Service (DoS) vulnerability
Details

The readxl R package is vulnerable because it relies on libxls version 1.6.2. The flaw is in the xls_getWorkSheet function in xls.c in libxls. An attacker can trigger it with a specially crafted XLS file, causing a Denial of Service (DoS).

Affected packages

CRAN / readxl

Package

Name: readxl

Affected ranges

Type: ECOSYSTEM
Events:
Introduced: 1.4.1
Fixed: 1.4.2

Affected versions

1.*

1.4.1