Integer Overflow Vulnerability in OCaml's Standard Library
CVE-2018-9838
9.8 CRITICAL
What is CVE-2018-9838?
The caml_ba_deserialize function, the part of OCaml's C runtime that rebuilds a Bigarray from marshalled (serialised) data, contains an integer overflow. The function reads the array's dimensions and element kind from the input stream and multiplies them to obtain the number of bytes to allocate; because that product is computed in a plain machine integer, dimensions chosen by an attacker can make it wrap to a small value, so the runtime allocates a buffer far smaller than the data it then copies into it. In any application that accepts marshalled data from an untrusted source (for example with Marshal.from_string or Marshal.from_channel on network input), a crafted object can therefore cause heap memory corruption, leading to a denial of service and potentially arbitrary code execution. The affected version named in the advisory is OCaml 4.06.0. Independently of this bug, the OCaml manual warns that unmarshalling is not type-safe and that reading marshalled data from untrusted sources is unsafe, so the practical mitigation is to never unmarshal untrusted input, regardless of the runtime version in use.
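The size computation at the heart of this class of bug, shown as an added example in C. This is not code from the OCaml runtime; the struct and function names are hypothetical, and the three headers are constructed inputs that stand in for the dimension and element-size fields a Bigarray deserializer reads from an untrusted stream. The unchecked version reproduces the wraparound; the checked version rejects the same headers before any allocation happens. The values are built from SIZE_MAX so the wrap occurs on both 32-bit and 64-bit targets.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DIMS 16

/* Hypothetical stand-in for the fields a Bigarray deserializer reads from the
   marshalled stream before allocating storage: dimension count, each extent,
   and the element width implied by the element kind. */
typedef struct {
    int    num_dims;
    size_t dim[MAX_DIMS];
    size_t elt_size;
} ba_header;

/* Unchecked pattern: attacker-supplied extents and the element size are
   multiplied in a machine word. Unsigned wraparound is well defined, so the
   result can be tiny (even 0) for an array whose data could never fit. The
   allocation is made with this value, while the copy that follows is driven
   by the element count, which is the heap overflow. */
size_t ba_size_unchecked(const ba_header *h)
{
    size_t num_elts = 1;
    for (int i = 0; i < h->num_dims; i++)
        num_elts *= h->dim[i];
    return num_elts * h->elt_size;
}

/* Multiply with overflow detection, written portably (no compiler builtins):
   a * b overflows exactly when b exceeds the largest multiplier of a. */
static bool mul_checked(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Hardened pattern: bound the dimension count, check every partial product,
   and reject the header before allocating anything. */
bool ba_size_checked(const ba_header *h, size_t *out)
{
    size_t num_elts = 1;
    if (h->num_dims < 0 || h->num_dims > MAX_DIMS)
        return false;
    for (int i = 0; i < h->num_dims; i++)
        if (!mul_checked(num_elts, h->dim[i], &num_elts))
            return false;
    return mul_checked(num_elts, h->elt_size, out);
}

/* Constructed headers, not real marshalled data. */
static const ba_header hdr_benign     = { 2, { 3, 4 }, 8 };              /* 3x4 float64: 96 bytes */
static const ba_header hdr_wrap_elts  = { 2, { SIZE_MAX / 2 + 1, 2 }, 8 }; /* element count wraps to 0 */
static const ba_header hdr_wrap_bytes = { 1, { SIZE_MAX / 4 + 1 }, 8 };    /* count fits, byte size wraps to 0 */

int main(void)
{
    const ba_header *cases[] = { &hdr_benign, &hdr_wrap_elts, &hdr_wrap_bytes };
    const char *names[] = { "benign", "wrap-elts", "wrap-bytes" };

    for (size_t i = 0; i < 3; i++) {
        size_t checked = 0;
        bool ok = ba_size_checked(cases[i], &checked);
        printf("%-10s unchecked malloc size=%zu  checked=", names[i],
               ba_size_unchecked(cases[i]));
        if (ok)
            printf("%zu\n", checked);
        else
            printf("REJECTED (size overflow)\n");
    }
    return 0;
}
```

The third header is the more instructive one: its element count is representable, only the byte size wraps, so a check on the element product alone would still let it through. The check has to cover the final multiplication by the element size as well.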
References
EPSS Score
8% chance of being exploited in the next 30 days.
CVSS v3.1
Score: 9.8
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Timeline
Vulnerability published
Vulnerability Reserved
