PT-2018-3635 · Inria+2 · Ocaml+2

Maximilian Tschirschnitz

Publicado

2018-04-06

Atualizado

2021-03-15

CVE-2018-9838

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OCaml version 4.06.0

Description The issue is related to an integer overflow in the caml ba deserialize function, which can be exploited when marshalled data from an untrusted source is accepted. This can lead to a denial of service due to memory corruption or potentially allow the execution of arbitrary code via a crafted object. The vulnerability may also allow a remote attacker to access or modify confidential data.

Recommendations For OCaml version 4.06.0, as a temporary workaround, consider restricting the acceptance of marshalled data from untrusted sources to minimize the risk of exploitation. Avoid using the caml ba deserialize function with untrusted input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

BDU:2021-01481

CVE-2018-9838

MGASA-2019-0124

OPENSUSE-SU-2018_1561-1

OPENSUSE-SU-2024:10587-1

OSEC-2018-01

SUSE-SU-2018:0983-1

SUSE-SU-2018:1075-1

SUSE-SU-2018:1493-1

SUSE-SU-2018:1494-1

SUSE-SU-2018_0983-1

SUSE-SU-2018_1075-1

SUSE-SU-2018_1493-1

SUSE-SU-2018_1494-1

USN-4778-1

Produtos afetados

Ocaml

Suse

Ubuntu

PT-2018-3635 · Inria+2 · Ocaml+2

CVE-2018-9838

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 32