RSEC-2023-4

Import Source
https://github.com/RConsortium/r-advisory-database/blob/main/vulns/igraph/RSEC-2023-4.yaml
JSON Data
https://api.osv.dev/v1/vulns/RSEC-2023-4
Published
2023-10-04T03:23:51.600Z
Modified
2023-10-20T19:31:52.862942Z
Summary
NULL pointer dereference vulnerability
Details

The igraph R package, through version 0.7.1, contains a NULL pointer dereference in the igraph_i_strdiff function in igraph_trie.c. Attackers can potentially exploit it to cause a denial of service in the form of an application crash. Users of the igraph package should take necessary precautions and consider updating to a patched version to mitigate this security risk.

Affected packages

CRAN / igraph

Package

Name
igraph

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0.7.1
Fixed
1.2.2-2

Affected versions

0.*

0.7.1

1.*

1.0.0
1.0.1
1.1.1
1.1.2
1.2.1
1.2.2