Byte Open Security

(ByteOS Network)

OCaml

Source - CNA
BOS Name - N/A
CNA CVEs - 3
ADP CVEs - 0
CISA CVEs - 0
NVD CVEs - 0
3 Vulnerabilities found

CVE-2026-41082
Assigner-MITRE Corporation
CVSS Score-7.3 (HIGH)
EPSS-0.18% / 7.76%
7 Day CHG-0.01%
Published-16 Apr, 2026 | 17:32
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory.

Action-Not Available
Vendor-OCaml, Red Hat, Inc.
Product-opam, Red Hat Enterprise Linux 10
CWE ID-CWE-24
Path Traversal: '../filedir'
CVE-2026-34353
Assigner-MITRE Corporation
CVSS Score-5.9 (MEDIUM)
EPSS-0.11% / 1.76%
7 Day CHG~0.00%
Published-27 Mar, 2026 | 04:55
Updated-14 Apr, 2026 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.

Action-Not Available
Vendor-ocaml, OCaml
Product-ocaml, OCaml
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-28364
Assigner-MITRE Corporation
CVSS Score-7.9 (HIGH)
EPSS-0.21% / 11.24%
7 Day CHG+0.03%
Published-27 Feb, 2026 | 03:54
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.

Action-Not Available
Vendor-ocaml, OCaml, Red Hat, Inc.
Product-ocaml, OCaml, Red Hat Enterprise Linux 7, Red Hat Hardened Images, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 6
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-126
Buffer Over-read