{"id":"RSEC-2023-2","summary":"Denial of Service (DoS) vulnerability","details":"The readxl R package is exposed to a vulnerability owing to its underlying use of libxls library version 1.6.2. The vulnerability originates in the xls_getWorkSheet function within xls.c in libxls. Attackers can exploit this flaw by utilizing a specially crafted XLS file, leading to a Denial of Service (DoS) attack.","modified":"2025-05-19T19:43:47.991339Z","published":"2023-07-13T02:46:57.600Z","upstream":["CVE-2021-27836"],"references":[{"type":"WEB","url":"https://github.com/tidyverse/readxl/issues/679"},{"type":"WEB","url":"https://readxl.tidyverse.org/news/index.html#readxl-142"},{"type":"WEB","url":"https://security-tracker.debian.org/tracker/source-package/r-cran-readxl"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27836"}],"affected":[{"package":{"name":"readxl","ecosystem":"CRAN","purl":"pkg:cran/readxl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.4.1"},{"fixed":"1.4.2"}]}],"versions":["1.4.1"],"database_specific":{"source":"https://github.com/RConsortium/r-advisory-database/blob/main/vulns/readxl/RSEC-2023-2.yaml"}}],"schema_version":"1.7.3"}