Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-8869

Опубликовано: 28 апр. 2016
Источник: redhat
CVSS2: 4.4

Описание

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak.

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-194
https://bugzilla.redhat.com/show_bug.cgi?id=1332090ocaml: sizes arguments are sign-extended from 32 to 64 bits

4.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-8869

CVSS3: 9.1
ubuntu
около 9 лет назад

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

nvd логотип

CVE-2015-8869

CVSS3: 9.1
nvd
около 9 лет назад

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function.

debian логотип

CVE-2015-8869

CVSS3: 9.1
debian
около 9 лет назад

OCaml before 4.03.0 does not properly handle sign extensions, which al ...

suse-cvrf логотип

openSUSE-SU-2016:2273-1

suse-cvrf
почти 9 лет назад

Security update for ocaml

suse-cvrf логотип

SUSE-SU-2016:2194-1

suse-cvrf
около 9 лет назад

Security update for ocaml

4.4 Medium

CVSS2