Integer Overflow Vulnerability in OCaml's Bigarray Reshape
CVE-2026-34353

5.9 MEDIUM

Key Information:

Vendor: OCaml

Status
Vendor
CVE Published: 27 March 2026

What is CVE-2026-34353?

In the OCaml programming language, in versions up to 4.14.3, the reshape function of the Bigarray module contains a critical integer overflow vulnerability. When reshape is applied to untrusted data, this flaw can lead to reading arbitrary memory locations. Such behavior could be exploited to gain unauthorized access to sensitive information or control over the running system.

Affected Version(s)

OCaml 0 <= 4.14.3

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
