From b353ccbb8431d030a945341e196d21d58beba384 Mon Sep 17 00:00:00 2001 From: nodivbyzero Date: Thu, 5 Oct 2023 12:07:06 -0700 Subject: [PATCH] igraph RSEC-2023-4 (#5) --- latest-id.txt | 2 +- vulns/igraph/RSEC-2023-4.yaml | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 vulns/igraph/RSEC-2023-4.yaml diff --git a/latest-id.txt b/latest-id.txt index a6ac50c..f66b11d 100644 --- a/latest-id.txt +++ b/latest-id.txt @@ -1 +1 @@ -2023-3 +2023-4 diff --git a/vulns/igraph/RSEC-2023-4.yaml b/vulns/igraph/RSEC-2023-4.yaml new file mode 100644 index 0000000..832d29a --- /dev/null +++ b/vulns/igraph/RSEC-2023-4.yaml @@ -0,0 +1,31 @@ +id: RSEC-2023-3 +details: The igraph R package, through version 0.7.1, is susceptible to a vulnerability identified in the + igraph_i_strdiff function within igraph_trie.c. This vulnerability can lead to a NULL pointer dereference, + potentially exploited by attackers to cause a denial of service, resulting in an application crash. + Users of the igraph package should take necessary precautions and consider updating to a patched version to + mitigate this security risk. +affected: +- package: + name: igraph + ecosystem: CRAN + ranges: + - type: ECOSYSTEM + events: + - introduced: 0.7.1 + - fixed: 1.2.2-2 + versions: + - 0.7.1 + - 1.0.0 + - 1.0.1 + - 1.1.1 + - 1.1.2 + - 1.2.1 +references: +- type: WEB + url: https://github.com/igraph/igraph/issues/1141 +- type: WEB + url: https://security-tracker.debian.org/tracker/CVE-2018-20349 +aliases: +- CVE-2018-20349 +modified: "2023-10-04T03:23:51.600Z" +published: "2023-10-04T03:23:51.600Z"
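Review bot: The `id:` field in the new vulns/igraph/RSEC-2023-4.yaml reads `RSEC-2023-3`, which matches neither the file name, the commit subject, nor the `2023-4` written to latest-id.txt. It should be `id: RSEC-2023-4`; as written, the record reuses the id that latest-id.txt shows was already allocated before this change. In the same file, the `details` text says the package is affected "through version 0.7.1", while the range gives `introduced: 0.7.1` and `fixed: 1.2.2-2` and the `versions` list runs up to 1.2.1. Please reconcile the description with the range, and confirm that 0.7.1 is the first affected release rather than only the earliest one checked.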