Описание
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4.05.0-10ubuntu1 |
| cosmic | not-affected | 4.05.0-10ubuntu1 |
| devel | not-affected | 4.05.0-10ubuntu1 |
| disco | not-affected | 4.05.0-10ubuntu1 |
| esm-apps/bionic | not-affected | 4.05.0-10ubuntu1 |
| esm-apps/xenial | not-affected | 4.02.3-5ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 4.01.0-3ubuntu3 |
| precise/esm | DNE | |
| trusty | not-affected | 4.01.0-3ubuntu3 |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4. ...
Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3