CVE-2015-8869 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Information disclosure |
| Description | OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function. This leads arguments between 2GiB and 4GiB to be interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-13 | ocaml | 4.02.3-2 | 4.03.0-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 24 Oct 2016 | ASA-201610-17 | AVG-13 | ocaml | Medium | information disclosure |
| References |
|---|
http://www.openwall.com/lists/oss-security/2016/04/29/6 |