DebianDEBIAN:DLA-466-1:AC67D[SECURITY] [DLA 466-1] ocaml security update
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.022 Low
EPSS
Percentile
89.4%
Package : ocaml
Version : 3.12.1-4+deb7u1
CVE ID : CVE-2015-8869
OCaml versions 4.02.3 and earlier have a runtime bug that,
on 64-bit platforms, causes sizes arguments to an internal
memmove call to be sign-extended from 32 to 64-bits before
being passed to the memmove function.
This leads arguments between 2GiB and 4GiB to be interpreted
as larger than they are (specifically, a bit below 2^64),
causing a buffer overflow.
Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller
than they should be, causing a possible information leak.A
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | all | ocaml | < 3.12.1-4+deb7u1 | ocaml_3.12.1-4+deb7u1_all.deb |
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
0.022 Low
EPSS
Percentile
89.4%