
Ocaml (product): 2 CVEs

CVE-2026-34353 | Severity: MEDIUM | Remediation: patch this month

OCaml's Bigarray.reshape function contains an integer overflow that lets a local attacker read arbitrary process memory when the function is given untrusted input. The listing gives the affected range as versions through 4.14.3. Exploitation requires local access: the attacker triggers the overflow to bypass the memory-safety checks that normally confine accesses, potentially exposing sensitive data such as cryptographic keys or other process memory. No public exploit code or active exploitation had been confirmed at the time of analysis. Note that this entry's affected range (through 4.14.3) does not agree with the "before 4.14.3" range given for CVE-2026-28364 below; confirm the fixed version against the upstream release notes before relying on either.

Tags: Buffer Overflow, Integer Overflow, Ocaml
References: NVD, GitHub, VulDB
CVSS 3.1: 5.9 | EPSS: 0.0%
CVE-2026-28364 | Severity: HIGH | Remediation: patch this week

Remote code execution in OCaml versions before 4.14.3 and 5.x before 5.4.1 lets an unauthenticated attacker execute arbitrary code by supplying malicious serialized data to the Marshal deserialization function, which performs insufficient bounds checking. The flaw stems from unbounded memory copies in the readblock() function, which trusts attacker-controlled length values, enabling a multi-stage exploitation chain. The listing states that no patch is currently available; that conflicts with the stated affected ranges, which imply fixes in 4.14.3 and 5.4.1, so verify the status against the OCaml release notes. Regardless of patch status, Marshal data carries no integrity protection, so code should never unmarshal bytes from an untrusted source without first authenticating them (for example with a MAC under a key the sender and receiver share) and bounding their size.

Tags: RCE, Buffer Overflow, Deserialization, Ocaml, Red Hat (+1)
References: NVD, GitHub
CVSS 3.1: 7.9 | EPSS: 0.0%
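The following OCaml is an added example for the two entries above; it is not code from the advisory, from NVD, or from the OCaml distribution. It shows two input checks a program can apply when it must call Bigarray.reshape or Marshal.from_bytes on data it did not produce: an overflow-checked element-count comparison before reshaping, and a check that the Marshal header's claimed length fits inside the buffer (plus a size cap) before unmarshaling. The exception names, the max_bytes cap, and the sample inputs are assumptions made for this example. These wrappers reduce exposure to malformed input in application code; they do not patch the runtime, and the Marshal check does not authenticate the payload.

```ocaml
(* Added example, not part of the advisory or of OCaml. Exception names,
   the max_bytes cap and the sample inputs below are this example's own. *)

exception Bad_dims of string
exception Bad_marshal of string

(* Product of an int array with explicit overflow detection. Each step
   checks acc * d <= max_int by division instead of computing a product
   that could wrap around. Negative dimensions are rejected outright. *)
let checked_product (dims : int array) : int =
  Array.fold_left
    (fun acc d ->
      if d < 0 then raise (Bad_dims "negative dimension")
      else if d = 0 then 0
      else if acc > max_int / d then raise (Bad_dims "dimension product overflows")
      else acc * d)
    1 dims

(* Reshape only when the new dims describe exactly as many elements as the
   existing array, with both counts computed overflow-safely. *)
let safe_reshape (ba : ('a, 'b, 'c) Bigarray.Genarray.t) (dims : int array)
    : ('a, 'b, 'c) Bigarray.Genarray.t =
  let old_elems = checked_product (Bigarray.Genarray.dims ba) in
  let new_elems = checked_product dims in
  if new_elems <> old_elems then
    raise (Bad_dims (Printf.sprintf "element count %d <> %d" new_elems old_elems));
  Bigarray.reshape ba dims

(* Decode one marshaled value from buf only if its header is valid, the
   header's claimed total length fits inside buf, and that total stays under
   a caller-chosen cap (assumed default 1 MiB). This rejects truncated or
   oversized payloads; it does NOT authenticate them, so the caller must
   still establish that buf came from a trusted source. *)
let unmarshal_checked ?(max_bytes = 1 lsl 20) (buf : bytes) : 'a =
  let len = Bytes.length buf in
  if len < Marshal.header_size then raise (Bad_marshal "shorter than a header");
  let total =
    try Marshal.total_size buf 0
    with Failure msg -> raise (Bad_marshal msg)
  in
  if total > len then raise (Bad_marshal "header claims more bytes than present");
  if total > max_bytes then raise (Bad_marshal "exceeds size cap");
  Marshal.from_bytes buf 0

let () =
  (* Constructed sample input: a 2x3 float64 array, reshaped legitimately,
     then with dims whose true product overflows a native int. *)
  let ba = Bigarray.Genarray.create Bigarray.float64 Bigarray.c_layout [| 2; 3 |] in
  ignore (safe_reshape ba [| 3; 2 |]);
  (match safe_reshape ba [| 6; max_int / 2; 4 |] with
   | _ -> print_endline "unexpected: overflowing dims accepted"
   | exception Bad_dims msg -> print_endline ("rejected reshape: " ^ msg));
  (* Constructed sample payload: a marshaled int list, then a truncated copy
     whose header still claims the full length. *)
  let good = Marshal.to_bytes [ 1; 2; 3 ] [] in
  let (xs : int list) = unmarshal_checked good in
  Printf.printf "decoded %d ints\n" (List.length xs);
  let truncated = Bytes.sub good 0 (Bytes.length good - 1) in
  (match (unmarshal_checked truncated : int list) with
   | _ -> print_endline "unexpected: truncated payload accepted"
   | exception Bad_marshal msg -> print_endline ("rejected payload: " ^ msg))
```

Build with ocamlopt on OCaml 4.07 or newer, where Bigarray is part of the standard library. The size cap is the important knob for the Marshal case: a header that passes the length check can still describe a value large enough to exhaust memory, so set max_bytes to the largest payload the application legitimately expects.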
