SentinelOne
CVE Vulnerability Database

CVE-2024-27322: R Statistical Language RCE Vulnerability

CVE-2024-27322 is a deserialization remote code execution vulnerability in the R statistical programming language affecting versions 1.4.0 to 4.3.x. A maliciously crafted RDS file can execute arbitrary code on the system of the user who loads it.


CVE-2024-27322 Overview

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.

Critical Impact

This vulnerability allows for remote code execution that can lead to full system compromise.

Affected Products

  • R versions 1.4.0 up to 4.3.9 (all releases before 4.4.0)

Discovery Timeline

  • 2024-04-29 - CVE CVE-2024-27322 published to NVD
  • 2025-02-13 - Last updated in NVD database

Technical Details for CVE-2024-27322

Vulnerability Analysis

This vulnerability is triggered when R deserializes untrusted data in its RDS format, that is, when a user reads an attacker-supplied RDS file or package. Successful exploitation lets the attacker execute arbitrary code with the privileges of the user's R session.

Root Cause

The root cause is improper validation and handling of deserialized data within R's serialization methods.

Attack Vector

Attackers can deliver a malicious RDS file or R package over the network; the vulnerability is exploited when the user loads it in R.

```python
# Example exploitation code (sanitized)
# Note: this is a Python pickle analogy for the same class of bug
# (a serialized object that runs code when it is deserialized);
# it is not R code and does not use the RDS format.
import os
import pickle

class Exploit:
    def __reduce__(self):
        # pickle calls os.system(...) when this object is unpickled
        return (os.system, ('rm -rf /tmp/malicious',))

if __name__ == '__main__':
    payload = pickle.dumps(Exploit())
```

Detection Methods for CVE-2024-27322

Indicators of Compromise

  • Unexpected R processes
  • Unusual RDS file access logs
  • New unexplained network connections

Detection Strategies

Use heuristic detection to flag abnormal file manipulation and process execution originating from R sessions, such as an R process that spawns unexpected child processes.

Monitoring Recommendations

Monitor file access logs for reads of RDS files, especially files that arrived from outside the organization, and use network traffic analysis to identify anomalous connections and data transfers from hosts running R.

How to Mitigate CVE-2024-27322

Immediate Actions Required

  • Avoid opening RDS files from untrusted sources
  • Implement network security controls to detect unusual file transfers
  • Isolate affected systems pending update

Patch Information

It is recommended to update to R version 4.4.0 or later, which fixes the deserialization vulnerability.

Workarounds

R has no configuration switch that disables deserialization, so the workaround is procedural: do not pass untrusted input to readRDS(), load(), or unserialize(), and verify the origin of any RDS file or package before reading it.
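Added example (not code from the page or from the R project): a Python triage step for the "verify the origin before reading" workaround. It reads only the header that saveRDS() writes (format marker, serialization version, the R version that wrote the file, the minimum R version required, and the native encoding of version-3 streams) and checks the file's SHA-256 against an allowlist of known-good files before anything is handed to readRDS(); the sample bytes, the allowlist and the function names are constructed for this example.

```python
import gzip
import hashlib
import struct

def r_version_int(major, minor, patch):
    # R packs its version number as major*65536 + minor*256 + patch
    return major * 65536 + minor * 256 + patch

def decode_r_version(v):
    return f"{v >> 16}.{(v >> 8) & 0xFF}.{v & 0xFF}"

# Constructed sample: the stream saveRDS(NULL, f) produces from R 4.3.2 in the
# version-3 XDR format, gzip-wrapped as saveRDS() does by default (Python's gzip here).
SAMPLE_RDS = gzip.compress(
    b"X\n"                                                   # XDR format marker
    + struct.pack(">iii", 3, r_version_int(4, 3, 2), r_version_int(3, 5, 0))
    + struct.pack(">i", 5) + b"UTF-8"                        # native encoding
    + struct.pack(">i", 254),                                # NILVALUE_SXP (NULL)
    mtime=0)

# Hypothetical allowlist of SHA-256 digests for files of known provenance.
TRUSTED_SHA256 = {hashlib.sha256(SAMPLE_RDS).hexdigest()}

def parse_rds_header(data):
    """Read the RDS header fields without deserialising the payload."""
    if data[:2] == b"\x1f\x8b":                              # gzip magic
        data = gzip.decompress(data)
    fmt = data[:2]
    if fmt not in (b"X\n", b"A\n", b"B\n"):
        raise ValueError("not an R serialize()/saveRDS() stream")
    if fmt != b"X\n":
        raise ValueError("only the default XDR format is handled here")
    version, writer, minimum = struct.unpack(">iii", data[2:14])
    info = {"version": version,
            "written_by": decode_r_version(writer),
            "requires": decode_r_version(minimum)}
    if version == 3:                                         # v3 adds the encoding
        (n,) = struct.unpack(">i", data[14:18])
        info["encoding"] = data[18:18 + n].decode("ascii")
    return info

def triage(data, allowlist=TRUSTED_SHA256):
    """Decide whether a file may go to readRDS(): header sane and hash known."""
    info = parse_rds_header(data)
    info["sha256"] = hashlib.sha256(data).hexdigest()
    info["load"] = info["sha256"] in allowlist                # unknown file: do not load
    return info
```

A file whose header parses but whose digest is not on the allowlist is reported with load set to False and should be quarantined rather than opened.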

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
