The OCaml standard library in version 4.06.00 has an integer overflow vulnerability in byterun/bigarray.c:caml_ba_deserialize() when handling serialized (marshalled) data. A remote attacker could exploit this to cause a denial of service or possible code execution by supplying a crafted serialized object.
Created ocaml tracking bugs for this issue:
Affects: fedora-all [bug 1565471]
I think the impact of this should be "low".
My reasoning is that the Marshal interface is unsafe and should not
be used when sending data to untrusted end points. The documentation
is quite explicit about this.
It is possible to crash the remote end point in multiple ways, eg:
let m = Marshal.to_string (1, 2) 
let x : bool * string = Marshal.from_string m 0
let () = Printf.printf "%b * %s" (fst x) (snd x)
$ ocamlopt crash.ml -o crash
Segmentation fault (core dumped)
OCaml provides ways to serialize data safely but Marshal is a low-level
interface which doesn't do that.
Of course I will fix this problem anyway in Fedora & RHEL.
They're still working on a fix upstream, but the latest proposal is