High severity8.8NVD Advisory· Published Apr 29, 2024· Updated Apr 15, 2026

CVE-2024-27322

Description

Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2024/04/29/3nvd
hiddenlayer.com/research/r-bitrary-code-execution/nvd
https//kb.cert.org/vuls/id/238194nvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZLV4OWXZIJ7EFBIWUZADUSHYJTFAQ4D/nvd
lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JVE5FDLFJGTAMOSJ6DREFAODEUBRFWSG/nvd
www.kb.cert.org/vuls/id/238194nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.005
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000