OCaml
CVEs (4)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9772 | Critical | 0.64 | 9.8 | 0.01 | | Jun 23, 2017 | Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable. |
| CVE-2017-9779 | High | 0.51 | 7.8 | 0.00 | | Sep 7, 2017 | OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." |
| CVE-2026-34353 | Medium | 0.38 | 5.9 | 0.00 | | Mar 27, 2026 | In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed. |
| CVE-2026-28364 | | 0.00 | — | 0.00 | | Feb 27, 2026 | In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data. |