CVE-2018-9838: Integer Overflow
First published: Fri Apr 06 2018(Updated: )
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE OCaml Runtime | =4.06.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-9838?
CVE-2018-9838 is classified as a medium severity vulnerability that can lead to denial of service or potential memory corruption.
How do I fix CVE-2018-9838?
To fix CVE-2018-9838, upgrade OCaml to versions newer than 4.06.0 where the vulnerability has been addressed.
What software is affected by CVE-2018-9838?
CVE-2018-9838 affects OCaml version 4.06.0 specifically.
What type of attack does CVE-2018-9838 facilitate?
CVE-2018-9838 allows remote attackers to exploit integer overflow that can cause memory corruption.
Can CVE-2018-9838 be exploited remotely?
Yes, CVE-2018-9838 can be exploited remotely if marshalled data from untrusted sources is accepted.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/ocaml
- canonical/suse ocaml runtime
- version/suse ocaml runtime/4.06.0