An integer overflow was discovered in OCaml's standard library, possibly allowing arbitrary execution of code.
Package | dev-lang/ocaml on all architectures |
---|---|
Affected versions | < 4.09.0 |
Unaffected versions | >= 4.09.0 |
OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages
The caml_ba_deserialize function in byterun/bigarray.c in the standard library of OCaml has an integer overflow.
A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition.
There is no known workaround at this time.
All OCaml users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/ocaml-4.09.0"
Release date
July 27, 2020
Latest revision
July 27, 2020: 2
Severity
normal
Exploitable
remote
Bugzilla entries