CVE-2017-9772

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-9772

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9772.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-9772

Related

Published

2017-06-23T20:29:00Z

Modified

2025-04-20T04:07:26.993032Z

Downstream

openSUSE-SU-2024:10587-1

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTE_CPLUGINS environment variable.

References

Affected packages

Git / github.com/ocaml/ocaml

Affected ranges

Type: GIT
Repo: https://github.com/ocaml/ocaml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5d0f1bf69829d8d276402e29d0944fe2fc8e81c7

Last affected

7de17eaeccfe555eb2629af7e1048b0e5d492f01

Affected versions

4.*

4.03.0

4.03.0+beta2

4.04.0

4.04.0+beta1

4.04.0+beta2

Other

flambda_fork_point