DLA-466-1

Source
https://storage.googleapis.com/debian-osv/dla-osv/DLA-466-1.json
Aliases
  • CVE-2015-8869
Published
2016-05-11T00:00:00Z
Modified
2022-08-05T05:20:52.484115Z
Details

OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes size arguments to an internal memmove call to be sign-extended from 32 to 64 bits before being passed to the memmove function. As a result, arguments between 2 GiB and 4 GiB are interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Arguments between 4 GiB and 6 GiB are interpreted as 4 GiB smaller than they should be, causing a possible information leak.

For Debian 7 Wheezy, these issues have been fixed in ocaml version 3.12.1-4+deb7u1.

Affected packages

Debian:7 / ocaml

ocaml

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
3.12.1-4+deb7u1

Affected versions

3.*

3.12.1-4