OCaml Buffer Over-Read Vulnerability in Marshal Deserialization Allows Remote Code Execution

Vulnerability

A buffer over-read vulnerability has been identified in OCaml versions prior to 4.14.3 and in the 5.x series prior to 5.4.1. The flaw is in the Marshal deserialization code in the runtime ('runtime/intern.c'): the 'readblock()' function does not adequately validate that the block length it is about to copy actually fits within the remaining input, so an attacker who controls the Marshal data can supply a length that drives an unbounded memory copy past the end of the input buffer. The page reports that this flaw can be chained, in a multi-phase attack, into remote code execution.

Impact

Exploitation of this vulnerability leads to remote code execution on any affected system that unmarshals attacker-controlled data, for example a network service that reads Marshal-formatted messages from clients or a program that loads Marshal-formatted files from an untrusted location. Note that the Marshal format is not type-safe and its documentation has always advised against unmarshaling data from untrusted sources; the fixed versions close this particular over-read but do not make Marshal a safe parser for hostile input.

Remediation

OCaml has released fixed versions that add bounds checks in the runtime, so that a block whose declared length exceeds the remaining input now raises an exception instead of reading past the buffer. Third-party libraries that register their own custom Marshal deserialization code (C-side deserializers for custom blocks) should apply the same check before every copy, following the example fix for bigarrays in the standard library. Upgrading to 4.14.3 or 5.4.1 (or later) fixes the runtime itself; the custom deserializers of third-party libraries are not covered by the upgrade and must be hardened separately.
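The check described above, as an added illustration that is not OCaml's runtime code: a minimal length-prefixed block reader of the kind a custom C-side deserializer contains, with the bounds check that rejects an attacker-chosen length before any copy happens. The stream layout (a hypothetical 4-byte big-endian length followed by the block bytes), the type and function names, and the two sample inputs are all constructed for this example and do not correspond to the real Marshal encoding.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative deserialization stream. Not OCaml's intern.c; the names and the
   encoding are assumptions made for this example only. */
typedef struct {
    const uint8_t *data;   /* start of the serialized input */
    size_t len;            /* total bytes available in the input */
    size_t pos;            /* current read offset, invariant: pos <= len */
} intern_stream;

enum { RB_OK = 0, RB_TRUNCATED = 1, RB_TOO_LARGE = 2 };

/* Read a hypothetical 4-byte big-endian block length, refusing to run past
   the end of the input. */
static int read_u32(intern_stream *s, uint32_t *out) {
    if (s->pos > s->len || s->len - s->pos < 4)
        return RB_TRUNCATED;
    const uint8_t *p = s->data + s->pos;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    s->pos += 4;
    return RB_OK;
}

/* Hardened block read. The vulnerable pattern trusts the decoded length and
   calls memcpy with it directly; here the length is compared against both the
   bytes actually remaining in the input and the destination capacity first. */
int readblock_checked(intern_stream *s, uint8_t *dst, size_t dstcap,
                      uint32_t *copied) {
    uint32_t blen;
    int rc = read_u32(s, &blen);
    if (rc != RB_OK)
        return rc;
    if (s->pos > s->len || blen > s->len - s->pos)
        return RB_TRUNCATED;       /* the missing check: length exceeds input */
    if (blen > dstcap)
        return RB_TOO_LARGE;       /* and the destination must fit it too */
    memcpy(dst, s->data + s->pos, blen);
    s->pos += blen;
    *copied = blen;
    return RB_OK;
}

/* Convenience wrapper: parse one block from a complete input buffer. */
int parse_one_block(const uint8_t *buf, size_t buflen, uint8_t *dst,
                    size_t dstcap, uint32_t *copied) {
    intern_stream s = { buf, buflen, 0 };
    return readblock_checked(&s, dst, dstcap, copied);
}

/* Constructed sample inputs (not real Marshal data). */
static const uint8_t GOOD[] = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
/* Claims a 65535-byte block but carries only 3 bytes: the over-read case. */
static const uint8_t FORGED[] = { 0, 0, 0xFF, 0xFF, 'a', 'b', 'c' };

int main(void) {
    uint8_t out[16];
    uint32_t n = 0;
    int rc = parse_one_block(GOOD, sizeof GOOD, out, sizeof out, &n);
    printf("good input: rc=%d copied=%u\n", rc, n);
    rc = parse_one_block(FORGED, sizeof FORGED, out, sizeof out, &n);
    printf("forged length: rc=%d (1 = rejected as truncated)\n", rc);
    return 0;
}
```

On the OCaml side of the same boundary, code that must handle untrusted input can at least validate the declared size before calling the unmarshaler: Marshal.data_size and Marshal.total_size compute the expected length from a buffer's header, so the caller can confirm the buffer really contains that many bytes. That only validates the outer header, not the blocks inside it, so it complements rather than replaces the runtime fix.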

Added: Feb 27, 2026, 4:18 AM
Updated: Feb 27, 2026, 4:18 AM

Vulnerability Rating

Custom Algorithm

  spread          2.4
  impact          7.5
  exploitability  2.7
  remediation     7.7
  relevance       3.3
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.