Problem Note 70182: The X12 and X13 procedures contain a security vulnerability when BY-group processing is used
 |  |  |  |  |
Severity: High
Description:
If you specify a BY statement and an X11 statement in PROC X12 or PROC X13, the following errors might be produced for one or more BY-groups:
ERROR: Regression matrix singular because of AOXXXXD. Check regression model or change OUTLIER options (i.e. TYPE=AO only.)
If you also specify an OUTPUT statement, output tables might be missing for some BY-groups.
If you specify the MDLINFOOUT= option in PROC X12 or PROC X13 when BY-group processing is used, the procedure might stop processing and issue the following message:
Please contact technical support and provide them with the following traceback information:
The SAS task name is [X13]
ERROR: Write Access Violation X13
Exception occurred at (CFEE8D4A)
Task Traceback
To circumvent these problems, run PROC X12 or PROC X13 separately for each BY-group, as illustrated in SAS Note 66249, "RunBY macro: Add BY processing to macros, procedures, or special code."
Potential Impact: The resulting access violation introduces a potential security risk.
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS/ETS | z/OS | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform |
| Microsoft® Windows® for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8 Enterprise x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8 Pro x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8.1 Enterprise 32-bit | 12.3 | 9.4 TS1M0 | ||||
| Microsoft Windows 8.1 Enterprise x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 8.1 Pro 32-bit | 12.3 | 9.4 TS1M0 | ||||
| Microsoft Windows 8.1 Pro x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows 10 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2008 R2 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2008 for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 Datacenter | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 R2 Datacenter | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 R2 Std | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Microsoft Windows Server 2012 Std | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Windows 7 Enterprise x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Windows 7 Professional x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| 64-bit Enabled AIX | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| 64-bit Enabled Solaris | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| HP-UX IPF | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Linux for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
| Solaris for x64 | 12.3 | Stable 2023.08 | 9.4 TS1M0 | Viya platform | ||
Viya on Linux: An update for this issue is available for SAS Viya 3.5. For instructions on how to access and apply software updates, see the Updating Your SAS Viya software section in the SAS Viya 3.5 for Linux Deployment Guide at
http://documentation.sas.com/?softwareId=administration&softwareVersion=3.5&softwareContextId=softwareUpdatesA fix for this issue for SAS/ETS 15.3 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/L9D.html#70182A fix for this issue for SAS/ETS 15.2 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/J4K.html#70182| Type: | Problem Note |
| Priority: | high |
| Topic: | Analytics ==> Time Series Analysis SAS Reference ==> Procedures ==> X12 SAS Reference ==> Procedures ==> X13 |
| Date Modified: | 2024-02-08 11:42:14 |
| Date Created: | 2023-06-16 10:44:56 |