FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

OCaml -- Multiple Security Vulnerabilities

Affected packages
ocaml < 4.03.0

Details

VuXML ID 8d2af843-7d8e-11e9-8464-c85b76ce9b5a
Discovery 2016-06-13
Entry 2019-05-23
Modified 2019-05-26

MITRE reports:

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

References

CVE Name CVE-2015-8869
URL https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762
URL https://nvd.nist.gov/vuln/detail/CVE-2015-8869