OSEC-2016-01
See a problem?- Import Source
- https://github.com/ocaml/security-advisories/blob/generated-osv/2016/OSEC-2016-01.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OSEC-2016-01
- Aliases
- Published
- 2016-04-29T00:18:22Z
- Modified
- 2026-02-09T09:46:10.099609Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- Buffer overflow and information leak in OCaml < 4.03.0
- Details
-
Bug description
OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function.
This leads arguments between 2GiB and 4GiB to be interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow.
Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak.
This commit fixes the bug: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762 The function camlbitstring is called indirectly from such functions as String.copy. String.copy for instance is supposed to be a "safe" function for which OCaml's memory safety guarantees apply.
- Database specific
{ "osv": "https://github.com/ocaml/security-advisories/tree/generated-osv/2016/OSEC-2016-01.json", "cwe": [ "CWE-119", "CWE-200" ], "human_link": "https://github.com/ocaml/security-advisories/tree/main/advisories/2016/OSEC-2016-01.md" }- References
- Credits
-
-
- Radek Micek - REPORTER
-
- Damien Doligez - REMEDIATION_DEVELOPER
-
Affected packages
opam / ocaml
Package
- Name
- ocaml
- Purl
- pkg:opam/ocaml
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.03.0
- Type
- GIT
- Repo
- https://github.com/ocaml/ocaml
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed