Bug 1565468 (CVE-2018-9838)
Summary: | CVE-2018-9838 ocaml: Integer overflow in byterun/bigarray.c:caml_ba_deserialize() allows remote attackers to cause a denial of service or other unspecified impact | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | c.david86, gemi, rjones, sfowler |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-21 20:00:24 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1565470, 1565471, 1566999 | ||
Bug Blocks: | 1565476 |
Description
Sam Fowler
2018-04-10 05:20:22 UTC
Created ocaml tracking bugs for this issue: Affects: fedora-all [bug 1565471] I think the impact of this should be "low". My reasoning is that the Marshal interface is unsafe and should not be used when sending data to untrusted end points. The documentation is quite explicit about this. It is possible to crash the remote end point in multiple ways, eg: let m = Marshal.to_string (1, 2) [] let x : bool * string = Marshal.from_string m 0 let () = Printf.printf "%b * %s" (fst x) (snd x) $ ocamlopt crash.ml -o crash $ ./crash Segmentation fault (core dumped) OCaml provides ways to serialize data safely but Marshal is a low-level interface which doesn't do that. Of course I will fix this problem anyway in Fedora & RHEL. They're still working on a fix upstream, but the latest proposal is https://github.com/ocaml/ocaml/pull/1718 |