MidnightBSD

Advisories for ocaml

CVE-2015-8869 MEDIUM

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,CWE-200,

Products Affected

Vendor Product Version
ocaml ocaml *
fedoraproject fedora 24
opensuse opensuse 13.2
CVE-2017-9772 HIGH

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ocaml ocaml 4.04.1
ocaml ocaml 4.04.0
CVE-2017-9779 HIGH

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
ocaml ocaml *
CVE-2018-9838 HIGH

The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-190,

Products Affected

Vendor Product Version
ocaml ocaml 4.06.0
CVE-2026-28364

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 7.9 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 2.5 4.7

Products Affected

Vendor Product Version
ocaml ocaml *