PT-2018-10523 · R · Haven R Package

Evan Miller

·

Published

2018-05-22

·

Updated

2023-10-05

·

CVE-2018-11364

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

ReadStat 0.1.1; haven R package, which bundles ReadStat (affected versions not specified)

Description

ReadStat 0.1.1 contains a memory leak in the sav_parse_machine_integer_info_record function in spss/readstat_sav_read.c: a conversion descriptor created with iconv_open is not released, so a crafted SPSS .sav file that drives this code path repeatedly can leak memory until the parsing process is exhausted (Missing Release of Resource after Effective Lifetime). The same ReadStat release was also reported with an infinite loop condition and a heap-based buffer over-read via an unterminated string; those are separate flaws tracked under their own identifiers, but together they mean that a malicious input file can cause Denial of Service or other undefined behaviour in any application that parses untrusted files with this version, including the haven R package. The CVSS vector reflects this: no privileges or user interaction beyond opening the file, no confidentiality or integrity impact, high availability impact.

Recommendations

Update ReadStat to a release that closes the iconv descriptor in sav_parse_machine_integer_info_record and fixes the related issues. For the haven R package, install a version built against a patched ReadStat. Until a patched build is available, do not parse SPSS .sav files from untrusted sources with affected builds, and run any unavoidable parsing of untrusted data in a separate process with a memory limit, since the leaked descriptor is allocated per record and the attacker therefore controls how much memory a single file consumes.
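To make the weakness behind this entry concrete, the following is an added illustration, not ReadStat's code or a reproduction of its fix: a parser for a SAV machine-info style record that opens an iconv descriptor for the file's declared character encoding, shown in a leaky shape beside a hardened one, with a descriptor counter so the leak is measurable. The record layout (eight little-endian 32-bit fields, endianness in field 6, character code in field 7), the code-to-charset table, the endianness rule and all function names are assumptions made for the example; the sample records are constructed inline.

```c
/* Added illustration of the CWE-401 pattern in this advisory, not ReadStat's code;
 * record layout, character-code table and validation rule are assumptions. */
#include <iconv.h>
#include <stdint.h>
#include <stdio.h>

#define RECORD_FIELDS 8
#define RECORD_BYTES (RECORD_FIELDS * 4)

typedef enum { PARSE_OK = 0, PARSE_ERR_SIZE, PARSE_ERR_ENCODING, PARSE_ERR_VALUE } parse_status_t;
typedef struct { iconv_t converter; } sav_ctx_t;   /* per-file parser state */
typedef parse_status_t (*parse_fn)(const unsigned char *, size_t, sav_ctx_t *);
/* Descriptor bookkeeping so the leak is observable without valgrind. */
static int g_open_descriptors = 0;
static iconv_t tracked_iconv_open(const char *to, const char *from) {
    iconv_t cd = iconv_open(to, from);
    if (cd != (iconv_t)-1) g_open_descriptors++;
    return cd;
}
static void tracked_iconv_close(iconv_t cd) {
    if (cd != (iconv_t)-1 && iconv_close(cd) == 0) g_open_descriptors--;
}
static int32_t read_le32(const unsigned char *p) {
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}
static void write_le32(unsigned char *p, int32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(((uint32_t)v >> (8 * i)) & 0xff);
}
/* Assumed mapping of the record's character-code field to an iconv charset name. */
static const char *encoding_for_code(int32_t code) {
    switch (code) {
        case 65001: return "UTF-8";
        case 28591: return "ISO-8859-1";
        default:    return NULL;
    }
}
/* Leaky shape, two ways to lose the descriptor: returning after iconv_open when a later
 * field fails validation, and overwriting a converter the context already holds. */
static parse_status_t parse_machine_info_leaky(const unsigned char *rec, size_t len, sav_ctx_t *ctx) {
    int32_t fields[RECORD_FIELDS];
    if (len != RECORD_BYTES) return PARSE_ERR_SIZE;
    for (int i = 0; i < RECORD_FIELDS; i++) fields[i] = read_le32(rec + 4 * i);
    const char *enc = encoding_for_code(fields[7]);
    if (!enc) return PARSE_ERR_ENCODING;
    iconv_t cd = tracked_iconv_open("UTF-8", enc);
    if (cd == (iconv_t)-1) return PARSE_ERR_ENCODING;
    if (fields[6] != 1 && fields[6] != 2) return PARSE_ERR_VALUE;   /* BUG: cd never closed */
    ctx->converter = cd;                                             /* BUG: old converter dropped */
    return PARSE_OK;
}
/* Hardened shape: validate every field before acquiring anything, so no failing path
 * ever holds a descriptor, and close what the context owns before replacing it. */
static parse_status_t parse_machine_info_fixed(const unsigned char *rec, size_t len, sav_ctx_t *ctx) {
    int32_t fields[RECORD_FIELDS];
    if (len != RECORD_BYTES) return PARSE_ERR_SIZE;
    for (int i = 0; i < RECORD_FIELDS; i++) fields[i] = read_le32(rec + 4 * i);
    if (fields[6] != 1 && fields[6] != 2) return PARSE_ERR_VALUE;
    const char *enc = encoding_for_code(fields[7]);
    if (!enc) return PARSE_ERR_ENCODING;
    iconv_t cd = tracked_iconv_open("UTF-8", enc);
    if (cd == (iconv_t)-1) return PARSE_ERR_ENCODING;
    tracked_iconv_close(ctx->converter);                             /* no-op on (iconv_t)-1 */
    ctx->converter = cd;
    return PARSE_OK;
}
/* Constructed 32-byte sample record: only the endianness and character-code fields matter here. */
static void make_record(unsigned char *rec, int32_t endianness, int32_t charcode) {
    for (int i = 0; i < RECORD_BYTES; i++) rec[i] = 0;
    write_le32(rec + 24, endianness);
    write_le32(rec + 28, charcode);
}

/* Run n_valid well-formed records, then n_malformed ones with a bogus endianness value,
 * through a fresh context; return how many descriptors stay open after the caller's cleanup. */
static int leaked_after(parse_fn parser, int n_valid, int n_malformed) {
    int before = g_open_descriptors;
    sav_ctx_t ctx = { (iconv_t)-1 };
    unsigned char rec[RECORD_BYTES];
    make_record(rec, 2, 65001);
    for (int i = 0; i < n_valid; i++) parser(rec, sizeof rec, &ctx);
    make_record(rec, 7, 65001);
    for (int i = 0; i < n_malformed; i++) parser(rec, sizeof rec, &ctx);
    tracked_iconv_close(ctx.converter);
    return g_open_descriptors - before;
}

/* Parse one constructed record, release the context, report the status. */
static parse_status_t status_of(parse_fn parser, int32_t endianness, int32_t charcode) {
    sav_ctx_t ctx = { (iconv_t)-1 };
    unsigned char rec[RECORD_BYTES];
    make_record(rec, endianness, charcode);
    parse_status_t st = parser(rec, sizeof rec, &ctx);
    tracked_iconv_close(ctx.converter);
    return st;
}
int main(void) {
    printf("leaky parser: %d descriptors still open\n", leaked_after(parse_machine_info_leaky, 100, 50));
    printf("fixed parser: %d descriptors still open\n", leaked_after(parse_machine_info_fixed, 100, 50));
    return 0;
}
```

With 100 well-formed records followed by 50 malformed ones, the leaky parser leaves 149 descriptors open (every overwritten converter plus every error-path one) while the hardened parser leaves none; a file is free to repeat the record as often as it likes, which is why a per-record leak maps to the high availability impact in the vector. The hardening choice worth copying is the ordering: validate all fields first so that no failing path ever owns a resource, then release anything already held before storing the new one.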

Exploit

Fix

Weakness Enumeration

CWE-401: Missing Release of Resource after Effective Lifetime

Related Identifiers

CVE-2018-11364
RSEC-2023-5

Affected Products

Readstat
Haven R Package