CVE-2026-34353

null · ocaml

CVE-2026-34353: In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when un

Description

In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.

Affected Products

Vendor	Product	Versions
null	ocaml	0

References

Related News (1 articles)

Tier C

VulDB3d ago

CVE-2026-34353 | OCaml up to 4.14.3 Bigarray.reshape integer overflow

→ No new info (linked only)

CVSS 3.15.9 MEDIUM

VectorCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-190

PublishedMar 27, 2026

Last enriched3d agov2

Trending Score13

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-34070EXP

LangChain Core has Path Traversal vulnerabilites in legacy `load_prompt` functions

Trending: 38

NONECVE-2018-25225EXP

SIPP 3.3 Stack-Based Buffer Overflow via Configuration File

Trending: 37

CRITICALCVE-2026-28505EXP

Tautulli: RCE via eval() sandbox bypass using lambda nested scope to escape co_names whitelist check

Trending: 33

CRITICALCVE-2026-31799

Tautulli: SQL Injection in get_home_stats API endpoint via unsanitised filter parameters

Trending: 31

MEDIUMCVE-2026-34040EXP

Moby has AuthZ plugin bypass when provided oversized request bodies

Trending: 28

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Mar 27, 2026

Discovered by ZDM

Mar 27, 2026

Updated: affectedVersions, severity, cvssEstimate

Mar 27, 2026

Version History

Last enriched 3d ago

v2Tier C3d ago

Updated vendor to 'ocaml', added affected versions 4.14.0, 4.14.1, 4.14.2, changed severity to LOW, and updated CVSS estimate to 4.2.

affectedVersionsseveritycvssEstimate

via VulDB

v13d ago

Initial creation