UBUNTU-CVE-2017-9772

Source
https://ubuntu.com/security/CVE-2017-9772
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-9772.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-9772
Published
2017-06-23T20:29:00Z
Modified
2025-01-13T10:21:24Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

Affected packages

Ubuntu:14.04:LTS / ocaml

Package

Name
ocaml
Purl
pkg:deb/ubuntu/ocaml@4.01.0-3ubuntu3?arch=source&distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.01.0-3ubuntu3

Affected versions

3.*

3.12.1-4ubuntu1

4.*

4.01.0-3ubuntu2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "camlp4"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "camlp4-extra"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-base"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-base-nox"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-compiler-libs"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-interp"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-mode"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-native-compilers"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-nox"
        },
        {
            "binary_version": "4.01.0-3ubuntu3",
            "binary_name": "ocaml-source"
        }
    ]
}

Ubuntu:16.04:LTS / ocaml

Package

Name
ocaml
Purl
pkg:deb/ubuntu/ocaml@4.02.3-5ubuntu2?arch=source&distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.02.3-5ubuntu2

Affected versions

4.*

4.01.0-4ubuntu1
4.02.3-5ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-base"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-base-dbgsym"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-base-nox"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-base-nox-dbgsym"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-compiler-libs"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-interp"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-mode"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-native-compilers"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-native-compilers-dbgsym"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-nox"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-nox-dbgsym"
        },
        {
            "binary_version": "4.02.3-5ubuntu2",
            "binary_name": "ocaml-source"
        }
    ]
}

Ubuntu:18.04:LTS / ocaml

Package

Name
ocaml
Purl
pkg:deb/ubuntu/ocaml@4.05.0-10ubuntu1?arch=source&distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.05.0-10ubuntu1

Affected versions

4.*

4.04.0-2ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-base"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-base-dbgsym"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-base-nox"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-base-nox-dbgsym"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-compiler-libs"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-interp"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-mode"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-nox"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-nox-dbgsym"
        },
        {
            "binary_version": "4.05.0-10ubuntu1",
            "binary_name": "ocaml-source"
        }
    ]
}