Amazon Linux 2023 : ocaml, ocaml-compiler-libs, ocaml-ocamldoc (ALAS2023-2026-1479)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1479 advisory. In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems fro...