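Vulnerability Information
Although we use advanced large-model technology, its output may still contain inaccurate or outdated information. Shenlong strives to ensure the accuracy of the data, but please verify and judge it against your actual situation.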
Vulnerability Title
N/A
Vulnerability Description
In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Vulnerability Type
Buffer over-read
Vulnerability Title
OCaml Security Advisory Database security vulnerability
Vulnerability Description
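OCaml Security Advisory Database is an open-source security database for OCaml. Versions of OCaml Security Advisory Database before 4.14.3 and 5.x versions before 5.4.1 contain a security vulnerability. The vulnerability stems from a buffer over-read during Marshal deserialization, which may lead to remote code execution.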
CVSS Information
N/A
Vulnerability Type
N/A