CVE-2018-9838

The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
ocamlocaml
4.06.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ocaml
bookworm
4.13.1-4
fixed
bullseye
4.11.1-4
fixed
jessie
no-dsa
sid
5.2.0-3
fixed
stretch
no-dsa
trixie
5.2.0-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ocaml
artful
ignored
bionic
Fixed 4.05.0-10ubuntu1+esm1
released
cosmic
ignored
disco
ignored
eoan
not-affected
focal
not-affected
groovy
not-affected
hirsute
not-affected
impish
not-affected
jammy
not-affected
kinetic
not-affected
lunar
not-affected
trusty
Fixed 4.01.0-3ubuntu3.1+esm1
released
xenial
Fixed 4.02.3-5ubuntu2+esm1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ocaml
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-compiler-libs
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-compiler-libs-devel
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-ocamldoc
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-rpm-macros
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
ocaml-runtime
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
Common Weakness Enumeration
References
https://caml.inria.fr/mantis/view.php?id=7765
https://security.gentoo.org/glsa/202007-48
https://caml.inria.fr/mantis/view.php?id=7765
https://security.gentoo.org/glsa/202007-48