CVE-2026-34353
Publication date 30 March 2026
Last updated 30 March 2026
Ubuntu priority
Description
In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| ocaml | 25.10 questing |
Not affected
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.9 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |