Source: ocaml
Version: 4.05.0-10
Severity: important
Tags: security upstream


The following vulnerability was published for ocaml.

| The caml_ba_deserialize function in byterun/bigarray.c in the standard
| library in OCaml 4.06.0 has an integer overflow which, in situations
| where marshalled data is accepted from an untrusted source, allows
| remote attackers to cause a denial of service (memory corruption) or
| possibly execute arbitrary code via a crafted object.

A solution is still beeing discussed upstream in [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed.


Reply via email to