CVE-2026-28364

High CVSS: 7.9

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data.
Vendor: OCaml
Product: OCaml
CWE: CWE-126
Published: 2026-02-27 04:16:03
Updated: 2026-03-06 19:15:08
Source Identifier: cve@mitre.org
KEV Date Added: -