{"id":"MGASA-2019-0124","summary":"Updated ocaml packages fix security vulnerability","details":"The caml_ba_deserialize function in byterun/bigarray.c in the standard\nlibrary in OCaml 4.06.0 has an integer overflow which, in situations where\nmarshalled data is accepted from an untrusted source, allows remote\nattackers to cause a denial of service (memory corruption) or possibly\nexecute arbitrary code via a crafted object. (CVE-2018-9838)\n","modified":"2026-04-16T00:09:53.351508410Z","published":"2019-04-05T18:12:59Z","upstream":["CVE-2018-9838"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0124.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22948"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-04/msg00070.html"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1088591"},{"type":"WEB","url":"https://lists.opensuse.org/opensuse-updates/2018-06/msg00016.html"}],"affected":[{"package":{"name":"ocaml","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ocaml?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.02.3-6.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0124.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}