An integer overflow was discovered in OCaml's standard library, possibly allowing arbitrary execution of code.
|Package||dev-lang/ocaml on all architectures|
|Affected versions||< 4.09.0|
|Unaffected versions||>= 4.09.0|
OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages
The caml_ba_deserialize function in byterun/bigarray.c in the standard library of OCaml has an integer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All OCaml users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ocaml-4.09.0"
July 27, 2020
July 27, 2020: 2