Maximilian Tschirschnitz

**Name of the Vulnerable Software and Affected Versions** OCaml version 4.06.0 **Description** The issue is related to an integer overflow in the caml ba deserialize function, which can be exploited when marshalled data from an untrusted source is accepted. This can lead to a denial of service due to memory corruption or potentially allow the execution of arbitrary code via a crafted object. The vulnerability may also allow a remote attacker to access or modify confidential data. **Recommendations** For OCaml version 4.06.0, as a temporary workaround, consider restricting the acceptance of marshalled data from untrusted sources to minimize the risk of exploitation. Avoid using the caml ba deserialize function with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.