SUPPORT / SAMPLES & SAS NOTES
Problem Note 69876: The MODEL procedure contains a security vulnerability when you use the French language locale
 |  |  |  |  |
Severity: High
Description: When you specify a French language locale in the LOCALE = system option, SAS® might terminate abnormally in either of the following scenarios in PROC MODEL:
Scenario 1
- You specify the 2SLS or 3SLS option in the FIT statement.
- A variable that is specified in the INSTRUMENTS statement does not exist, or the number of instruments that is specified is less than the maximum number of parameters in any equation.
Scenario 2
- You specify the GMM option in the FIT statement.
- A variable that is specified in the INSTRUMENTS statement does not exist.
To circumvent the problem, remove the French language locale or specify a valid INSTRUMENTS statement.
Potential Impact: The resulting SAS termination introduces a potential security risk.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS/ETS | z/OS | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform |
| z/OS 64-bit | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft® Windows® for x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows 8 Enterprise 32-bit | 15.1 | 9.4 TS1M6 | ||||
| Microsoft Windows 8 Enterprise x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows 8 Pro 32-bit | 15.1 | 9.4 TS1M6 | ||||
| Microsoft Windows 8 Pro x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows 8.1 Enterprise 32-bit | 15.1 | 9.4 TS1M6 | ||||
| Microsoft Windows 8.1 Enterprise x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows 8.1 Pro 32-bit | 15.1 | 9.4 TS1M6 | ||||
| Microsoft Windows 8.1 Pro x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows 10 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2008 | 15.1 | 9.4 TS1M6 | ||||
| Microsoft Windows Server 2008 R2 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2008 for x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2012 Datacenter | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2012 R2 Datacenter | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2012 R2 Std | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2012 Std | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2016 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Microsoft Windows Server 2019 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Windows 7 Enterprise 32 bit | 15.1 | 9.4 TS1M6 | ||||
| Windows 7 Enterprise x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Windows 7 Home Premium 32 bit | 15.1 | 9.4 TS1M6 | ||||
| Windows 7 Home Premium x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Windows 7 Professional 32 bit | 15.1 | 9.4 TS1M6 | ||||
| Windows 7 Professional x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Windows 7 Ultimate 32 bit | 15.1 | 9.4 TS1M6 | ||||
| Windows 7 Ultimate x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| 64-bit Enabled AIX | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| 64-bit Enabled Solaris | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| HP-UX IPF | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Linux for x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||
| Solaris for x64 | 15.1 | Stable 2023.03 | 9.4 TS1M6 | Viya platform | ||