CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
86.4%
The readxl R package, versions 0.1.0 to 1.0.0, is vulnerable to multiple attack vectors due to the underlying use of the libxls library. Several exploitable vulnerabilities have been identified in different functions of libxls versions 1.3.4 and 1.4. These include out-of-bounds write and stack based buffer overflow vulnerabilities in the xls_mergedCells and xls_getfcell functions respectively. Furthermore, integer overflow vulnerabilities exist in the xls_preparseWorkSheet and xls_appendSST functions when handling MULBLANK, MULRK records and a shared string table (SST). An additional out-of-bounds vulnerability has been identified in the xls_addCell function when it processes a formula record. All these vulnerabilities can lead to memory corruption, potentially resulting in remote code execution. The exploit is triggered when a specially crafted XLS file, possibly sent by an attacker, is processed by these vulnerable functions.
github.com/evanmiller/libxls/issues/34
github.com/tidyverse/readxl/issues/441
github.com/tidyverse/readxl/pull/442
readxl.tidyverse.org/news/index.html#readxl-110
security-tracker.debian.org/tracker/CVE-2017-2896
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
86.4%