rpm package
suse/ocaml&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/ocaml&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (2)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-9838 | Critical | 9.8 | | < 4.02.1-4.3.2 | 4.02.1-4.3.2 | Apr 6, 2018 | The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or poss |
| CVE-2015-8869 | Critical | 9.1 | | < 4.02.1-3.4 | 4.02.1-3.4 | Jun 13, 2016 | OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. |