{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T07:20:28.655","vulnerabilities":[{"cve":{"id":"CVE-2026-28364","sourceIdentifier":"cve@mitre.org","published":"2026-02-27T04:16:03.410","lastModified":"2026-03-06T19:15:08.113","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization (runtime/intern.c) enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock() function, which performs unbounded memcpy() operations using attacker-controlled lengths from crafted Marshal data."},{"lang":"es","value":"En OCaml anterior a 4.14.3 y 5.x anterior a 5.4.1, un desbordamiento de lectura de búfer en la deserialización de Marshal (runtime/intern.c) permite la ejecución remota de código a través de una cadena de ataque multifase. La vulnerabilidad radica en la falta de validación de límites en la función readblock(), que realiza operaciones memcpy() sin límites utilizando longitudes controladas por el atacante a partir de datos Marshal manipulados."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N","baseScore":7.9,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Primary","description":[{"lang":"en","value":"CWE-126"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ocaml:ocaml:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.3","matchCriteriaId":"C54A8C4D-61D8-446B-8DCA-FBF8394EE7B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:ocaml:ocaml:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.4.1","matchCriteriaId":"296325F6-F724-4C88-9A80-6D5696A35225"}]}]}],"references":[{"url":"https://github.com/ocaml/security-advisories/blob/generated-osv/2026/OSEC-2026-01.json","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://osv.dev/vulnerability/OSEC-2026-01","source":"cve@mitre.org","tags":["Third Party Advisory"]}]}}]}