A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.* External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3005 https://access.redhat.com/errata/RHSA-2018:3005
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3006 https://access.redhat.com/errata/RHSA-2018:3006
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:3531 https://access.redhat.com/errata/RHSA-2018:3531
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3532 https://access.redhat.com/errata/RHSA-2018:3532
Acknowledgments: Name: the Mozilla project Upstream: R (Zero Day LLC)