| Name | CVE-2018-9838 |
| Description | The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 895472 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| ocaml (PTS) | jessie | 4.01.0-5 | vulnerable |
| stretch | 4.02.3-9 | vulnerable |
| buster | 4.05.0-11 | fixed |
| bullseye | 4.11.1-4 | fixed |
| bookworm | 4.13.1-4 | fixed |
| sid, trixie | 4.14.1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| ocaml | source | (unstable) | 4.05.0-11 | | | 895472 |
Notes
[stretch] - ocaml <no-dsa> (Minor issue)
[jessie] - ocaml <no-dsa> (Minor issue)
[wheezy] - ocaml <no-dsa> (Minor issue)
https://caml.inria.fr/mantis/view.php?id=7765
https://github.com/ocaml/ocaml/pull/1718
https://github.com/ocaml/ocaml/commit/9664c7ee807c2dfa802f53cabd405ff58e219c47
Before 4.06.0+beta1 the code is present in otherlibs/bigarray/bigarray_stubs.c