Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary code and could be used as part of a supply chain attack.


A vulnerability in the R programming language implementation can be exploited to execute arbitrary code when a malicious RDS file is loaded and referenced, and could be used as part of a supply chain attack, AI security firm HiddenLayer warns.

Tracked as CVE-2024-27322 (CVSS score of 8.8), the issue was identified in R’s serialization and deserialization process, which is used for creating and loading RDS (R Data Serialization) files.

An open source programming language, R supports data visualization, machine learning, and statistical computing, and is widely used for performing statistical analysis in industries such as finance, government, and healthcare, and is also popular within AI and ML applications.

R has its own serialization format that is used when packages are saved and loaded. When a package is compiled, a .rdb file containing objects to be serialized and a .rdx file containing metadata associated with these objects and their offsets are created.

“When a package is loaded, the metadata stored in the RDS format within the .rdx file is used to locate the objects within the .rdb file. These objects are then decompressed and deserialized, essentially loading them as RDS files,” HiddenLayer explains.

The issue stems from two R features. R supports an instruction for creating a promise object, which has a symbol (variable) and an expression attached to it, with the expression run only after the symbol is accessed. R also uses lazy evaluation, a strategy where symbols are evaluated only when needed.

An attacker can create a promise object with an instruction that sets the variable to an unbound value and an expression containing arbitrary code. Due to lazy evaluation, the expression is evaluated and run only when the symbol associated with the RDS file is accessed, so the code executes when the user references the symbol.

“Once the malicious file has been created and loaded by R, the exploit will run no matter how the variable is referenced,” HiddenLayer continued.


Enabling Software Supply Chain Attacks

The security firm also warns that, because RDS packages allow users to share compiled R code with others, and because there are numerous GitHub repositories dedicated to R, threat actors could abuse this vulnerability in supply chain attacks targeting R users.

readRDS, one of R’s functions that can be used to exploit the vulnerability, is referenced in over 135,000 R source files, and CRAN’s repository, which claims to have over 20,000 packages and allows anyone to upload code, does not check new packages against this vulnerability.

“Looking through the repositories, we found that a large amount of the usage was on untrusted, user-provided data, which could lead to a full compromise of the system running the program. Some source files containing potentially vulnerable code included projects from R Studio, Facebook, Google, Microsoft, AWS, and other major software vendors,” HiddenLayer explains.

To take over an R package, an attacker only needs to overwrite the .rdx file with their malicious file, ensuring that the code is automatically executed as soon as the package is loaded. By modifying a major system package, such as a compiler, the malicious code will be executed when R is initialized.
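The promise mechanism and the .rdx/readRDS loading path described above suggest one defender-side check worth having in a review pipeline: inspect an RDS file's serialization header and the type of its top-level object before R ever loads it, and flag files whose top-level object is a promise. The following is an added example, not HiddenLayer's or the R project's code. It assumes the XDR layout of R's serialization stream (a two-byte "X\n" magic, three big-endian 32-bit integers for format version, writer R version and minimum reader version, a native-encoding string in format version 3, and then per-object flag words whose low 8 bits are the SEXPTYPE); the sample streams at the bottom are constructed fixtures, and the "suspicious" fixture is deliberately only a header plus a type code, which is all this check reads.

```python
import bz2
import gzip
import lzma
import struct

# SEXPTYPE codes as used by R's serializer; 5 (PROMSXP) is the promise
# type described in the article. Codes >= 248 are stream-only pseudo-types.
SEXPTYPE_NAMES = {
    0: "NILSXP", 1: "SYMSXP", 2: "LISTSXP", 3: "CLOSXP", 4: "ENVSXP",
    5: "PROMSXP", 6: "LANGSXP", 7: "SPECIALSXP", 8: "BUILTINSXP",
    9: "CHARSXP", 10: "LGLSXP", 13: "INTSXP", 14: "REALSXP", 15: "CPLXSXP",
    16: "STRSXP", 17: "DOTSXP", 19: "VECSXP", 20: "EXPRSXP", 21: "BCODESXP",
    22: "EXTPTRSXP", 23: "WEAKREFSXP", 24: "RAWSXP", 25: "S4SXP",
    248: "PACKAGESXP", 249: "NAMESPACESXP", 250: "BASENAMESPACE_SXP",
    251: "MISSINGARG_SXP", 252: "UNBOUNDVALUE_SXP", 253: "GLOBALENV_SXP",
    254: "NILVALUE_SXP", 255: "REFSXP",
}
PROMSXP = 5


def decompress_if_needed(data: bytes) -> bytes:
    """RDS files are usually gzip-wrapped; bzip2 and xz are also accepted by R."""
    if data[:2] == b"\x1f\x8b":
        return gzip.decompress(data)
    if data[:3] == b"BZh":
        return bz2.decompress(data)
    if data[:6] == b"\xfd7zXZ\x00":
        return lzma.decompress(data)
    return data


def decode_r_version(packed: int) -> str:
    """R packs a version as major*65536 + minor*256 + patch."""
    return f"{packed >> 16}.{(packed >> 8) & 0xFF}.{packed & 0xFF}"


def inspect_rds(data: bytes) -> dict:
    """Parse the stream header and the first object's flag word; never evaluates anything."""
    raw = decompress_if_needed(data)
    if raw[:2] != b"X\n":
        raise ValueError("only the XDR ('X\\n') serialization format is handled here")
    if len(raw) < 14:
        raise ValueError("truncated stream header")
    fmt_version, writer, min_reader = struct.unpack(">iii", raw[2:14])
    pos = 14
    encoding = None
    if fmt_version == 3:
        # Format 3 adds the writer's native encoding as a length-prefixed string.
        (enc_len,) = struct.unpack(">i", raw[pos:pos + 4])
        pos += 4
        encoding = raw[pos:pos + enc_len].decode("ascii", "replace")
        pos += enc_len
    elif fmt_version != 2:
        raise ValueError(f"unexpected serialization format version {fmt_version}")
    if len(raw) < pos + 4:
        raise ValueError("stream ends before the first object")
    (flags,) = struct.unpack(">i", raw[pos:pos + 4])
    top_type = flags & 0xFF
    return {
        "format_version": fmt_version,
        "writer_version": decode_r_version(writer),
        "min_reader_version": decode_r_version(min_reader),
        "encoding": encoding,
        "top_type": top_type,
        "top_type_name": SEXPTYPE_NAMES.get(top_type, f"unknown({top_type})"),
        "has_attributes": bool(flags & (1 << 9)),
        "has_tag": bool(flags & (1 << 10)),
        # A promise as the top-level object is the pattern the article describes.
        "suspicious": top_type == PROMSXP,
    }


def _xdr_stream(top_flags: int, body: bytes = b"") -> bytes:
    """Constructed fixture: format 3, writer 4.3.1, min reader 3.5.0, UTF-8."""
    writer = (4 << 16) | (3 << 8) | 1
    min_reader = (3 << 16) | (5 << 8) | 0
    header = b"X\n" + struct.pack(">iii", 3, writer, min_reader)
    header += struct.pack(">i", 5) + b"UTF-8"
    return header + struct.pack(">i", top_flags) + body


# Constructed benign stream: the integer vector c(1L, 2L, 3L).
BENIGN_INT_VECTOR = _xdr_stream(13, struct.pack(">iiii", 3, 1, 2, 3))
# Constructed suspicious stream: top-level object typed PROMSXP, no body
# (the check stops at the flag word, so no payload is needed or present).
SUSPICIOUS_PROMISE_HEADER = _xdr_stream(PROMSXP)
GZIPPED_SUSPICIOUS = gzip.compress(SUSPICIOUS_PROMISE_HEADER)

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_INT_VECTOR), ("gzipped promise", GZIPPED_SUSPICIOUS)]:
        print(name, inspect_rds(sample))
```

This only examines the type of the outermost object, so it catches the straightforward case of a promise saved as the top-level value and nothing nested deeper; treating it as a triage aid rather than a complete scanner is the right expectation. The actual fix is the one the article names, R 4.4.0, together with not loading RDS files or .rdx/.rdb package data from untrusted sources.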

Patches for CVE-2024-27322 were included in R Core version 4.4.0, which was released as source code on April 24, with Windows and Mac binaries following shortly after. The updated version will also be included in various Linux distributions.

Related: GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

Related: No Security Scrutiny for Half of Major Code Changes: AppSec Survey

Related: Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
