ubuntu · CVE-2017-9772

Quick triage

Priority: medium Published: 2017-06-23 20:29:00 UTC Updated: 2025-08-25 22:42:04 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-9772 medium priority: Ubuntu including 1 source packages (ocaml), 9 status rows across 9 suites (artful, bionic, cosmic, disco, trusty, upstream, xenial, yakkety, zesty): not-affected 6, ignored 2, released 1.

Description:

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.

cvelogic Threat Intelligence