Ocaml

ocaml

Vendor: Ocaml • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-34353 1Ocaml 1Ocaml Apr 14, 2026 Mar 27, 2026 N/A· v4 5.1 MEDIUM· v3 N/A· v2 In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.
CVE-2026-28364 1Ocaml 1Ocaml Mar 6, 2026 Feb 27, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds...Show more In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.Show less
CVE-2018-9838 1Ocaml 1Ocaml Nov 21, 2024 Apr 6, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attack...Show more The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.Show less
CVE-2017-9779 1Ocaml 1Ocaml May 13, 2026 Sep 7, 2017 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."
CVE-2017-9772 1Ocaml 1Ocaml May 13, 2026 Jun 23, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CA...Show more Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.Show less
CVE-2015-8869 3Fedoraproject OcamlOpensuse 3Fedora OcamlOpensuse May 6, 2026 Jun 13, 2016 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.