Severity by source
AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.
AnalysisAI
OCaml's Bigarray.reshape function contains an integer overflow vulnerability that permits unauthenticated local attackers to read arbitrary memory contents when processing untrusted input. Affected versions through 4.14.3 allow an attacker with local access to trigger the overflow condition, bypassing memory protections and potentially exposing sensitive data including cryptographic keys or process memory. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
The vulnerability exists in OCaml's Bigarray module, a component providing multi-dimensional array operations. The reshape function performs dimension calculation without proper bounds checking, allowing integer overflow during size computations. This is a classic CWE-190 (Integer Overflow or Wraparound) vulnerability where the calculated reshaped array size overflows, resulting in undersized memory allocation. When subsequent operations read from the Bigarray using the legitimate but overflowed dimension values, memory access extends beyond the allocated buffer into adjacent heap or process memory. The affected product is identified via CPE as cpe:2.3:a:ocaml:ocaml:*:*:*:*:*:*:*:* covering all OCaml versions up to and including 4.14.3.
RemediationAI
Upgrade to a patched OCaml release beyond 4.14.3 once available from the official OCaml project. The upstream fix has been addressed in pull request #14674 on GitHub (https://github.com/ocaml/ocaml/pull/14674); however, the exact released version number containing this fix is not independently confirmed in available data. Monitor the OCaml project releases page and security advisories for the first tagged release incorporating this patch. Until patching is possible, restrict Bigarray.reshape operations on untrusted input by validating dimension parameters, implementing input sanitization to ensure reshape dimensions cannot trigger integer overflow conditions, and limiting the scope of untrusted data processed through Bigarray operations in multi-tenant or high-security contexts.
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with rais
OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow a
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow w
OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but wi
Heap memory corruption in the OCaml runtime (before 4.14.3 and 5.x before 5.4.1) lets an attacker who can feed crafted M
OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, wh
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Linux Enterprise Desktop 15 SP7 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP7 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP7 | Fixed |
| SUSE Linux Enterprise Server 15 SP7 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP7 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP4 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 SP4-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP5 | Fixed |
| SUSE Linux Enterprise Server 15 SP5-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP6 | Fixed |
| SUSE Linux Enterprise Server 15 SP6-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP6 | Fixed |
| SUSE Manager Proxy 4.3 | Fixed |
| SUSE Manager Retail Branch Server 4.3 | Fixed |
| SUSE Manager Server 4.3 | Fixed |
| SUSE CaaS Platform 4.0 | Fixed |
| SUSE Enterprise Storage 6 | Fixed |
| SUSE Enterprise Storage 7 | Fixed |
| SUSE Enterprise Storage 7.1 | Fixed |
| SUSE Linux Enterprise Desktop 15 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP1 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP2 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP3 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP4 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP5 | Fixed |
| SUSE Linux Enterprise Desktop 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15 SP6 | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-ESPOS | Fixed |
| SUSE Linux Enterprise High Performance Computing 15-LTSS | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP1 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP2 | Fixed |
| SUSE Linux Enterprise Module for Development Tools 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP2 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP3 | Fixed |
| SUSE Linux Enterprise Real Time 15 SP4 | Fixed |
| SUSE Linux Enterprise Server 15 | Fixed |
| SUSE Linux Enterprise Server 15 SP1 | Fixed |
| SUSE Linux Enterprise Server 15 SP1-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP1-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP2 | Fixed |
| SUSE Linux Enterprise Server 15 SP2-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP2-LTSS | Fixed |
| SUSE Linux Enterprise Server 15 SP3 | Fixed |
| SUSE Linux Enterprise Server 15 SP3-BCL | Fixed |
| SUSE Linux Enterprise Server 15 SP3-LTSS | Fixed |
| SUSE Linux Enterprise Server 15-LTSS | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP1 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP2 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP3 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP4 | Fixed |
| SUSE Linux Enterprise Server for SAP Applications 15 SP5 | Fixed |
| SUSE Manager Proxy 4.0 | Fixed |
| SUSE Manager Proxy 4.1 | Fixed |
| SUSE Manager Proxy 4.2 | Fixed |
| SUSE Manager Retail Branch Server 4.0 | Fixed |
| SUSE Manager Retail Branch Server 4.1 | Fixed |
| SUSE Manager Retail Branch Server 4.2 | Fixed |
| SUSE Manager Server 4.0 | Fixed |
| SUSE Manager Server 4.1 | Fixed |
| SUSE Manager Server 4.2 | Fixed |
| openSUSE Leap 15.3 | Fixed |
| openSUSE Leap 15.4 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16555