CVE-2017-9772

Source
https://cve.org/CVERecord?id=CVE-2017-9772
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9772.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9772
Aliases
Downstream
Related
Published
2017-06-23T20:29:00.207Z
Modified
2026-07-08T16:54:37.170700Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTE_CPLUGINS environment variable.

References

Affected packages

Git / github.com/ocaml/ocaml

Affected ranges

Type
GIT
Repo
https://github.com/ocaml/ocaml
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": [
        "cpe:2.3:a:ocaml:ocaml:4.04.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:ocaml:ocaml:4.04.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "4.04.0"
        },
        {
            "last_affected": "4.04.0"
        },
        {
            "introduced": "4.04.1"
        },
        {
            "last_affected": "4.04.1"
        }
    ]
}

Affected versions

4.*
4.04.0
4.04.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9772.json"