{"id":"UBUNTU-CVE-2018-9838","details":"The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted object.","modified":"2026-02-04T04:03:59.532114Z","published":"2018-04-06T18:29:00Z","related":["USN-4778-1"],"upstream":["CVE-2018-9838"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-9838"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4778-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-9838"}],"affected":[{"package":{"name":"ocaml","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/ocaml@4.01.0-3ubuntu3.1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.01.0-3ubuntu3.1+esm1"}]}],"versions":["3.12.1-4ubuntu1","4.01.0-3ubuntu2","4.01.0-3ubuntu3","4.01.0-3ubuntu3.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"camlp4"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"camlp4-extra"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-base"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-base-nox"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-compiler-libs"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-interp"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-mode"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-native-compilers"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-nox"},{"binary_version":"4.01.0-3ubuntu3.1+esm1","binary_name":"ocaml-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-9838.json"}},{"package":{"name":"ocaml","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/ocaml@4.02.3-5ubuntu2+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.02.3-5ubuntu2+esm1"}]}],"versions":["4.01.0-4ubuntu1","4.02.3-5ubuntu1","4.02.3-5ubuntu2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-base"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-base-nox"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-compiler-libs"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-interp"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-mode"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-native-compilers"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-nox"},{"binary_version":"4.02.3-5ubuntu2+esm1","binary_name":"ocaml-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-9838.json"}},{"package":{"name":"ocaml","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/ocaml@4.05.0-10ubuntu1+esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.05.0-10ubuntu1+esm1"}]}],"versions":["4.04.0-2ubuntu4","4.05.0-10ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-base"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-base-nox"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-compiler-libs"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-interp"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-mode"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-nox"},{"binary_version":"4.05.0-10ubuntu1+esm1","binary_name":"ocaml-source"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-9838.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}