CVE-2017-9772

Description

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

References

https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html

https://security.gentoo.org/glsa/201710-07

https://caml.inria.fr/mantis/view.php?id=7557

http://www.securityfocus.com/bid/99277

Details

Source: Mitre, NVD

Published: 2017-06-23

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical