{"id":"OSEC-2017-01","summary":"Local privilege escalation issue with ocaml binaries","details":"## Description\n\nInsufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.","aliases":["CVE-2017-9772"],"modified":"2026-02-17T00:26:51.678574Z","published":"2017-06-23T15:19:47Z","database_specific":{"human_link":"https://github.com/ocaml/security-advisories/tree/main/advisories/2017/OSEC-2017-01.md","cwe":["CWE-269"],"osv":"https://github.com/ocaml/security-advisories/tree/generated-osv/2017/OSEC-2017-01.json"},"references":[{"type":"REPORT","url":"https://github.com/ocaml/ocaml/issues/7557"}],"affected":[{"package":{"name":"ocaml","ecosystem":"opam","purl":"pkg:opam/ocaml"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.04"},{"fixed":"4.04.2"}]},{"type":"GIT","repo":"https://github.com/ocaml/ocaml","events":[{"fixed":"850021c200c7507f2a928a66fa1291ff4ae3a622"},{"introduced":"507507829e9639374ede5a2dade1bb6d6b98ad49"}]}],"versions":["4.04.0","4.04.1"],"ecosystem_specific":{"opam_constraint":"ocaml {\u003e= \"4.04\" & \u003c \"4.04.2\"}"},"database_specific":{"source":"https://github.com/ocaml/security-advisories/blob/generated-osv/2017/OSEC-2017-01.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Eric Milliken","type":"REPORTER"},{"name":"Damien Doligez","type":"REMEDIATION_DEVELOPER"},{"name":"Xavier Leroy","type":"REMEDIATION_REVIEWER"}]}