Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Arbitrary code execution in OCaml readblock() function
Summary
An update for OCaml is available to fix a security issue that could allow an attacker to execute malicious code. This issue affects OCaml users, and it's recommended to apply the update to ensure system security and prevent potential attacks. An immediate update is necessary to protect against this vulnerability.
What to do
- Update ocaml to version 4.14.2-150600.3.3.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | ocaml | <= 4.14.2-150600.3.3.1 | 4.14.2-150600.3.3.1 |
| – | ocaml | <= 4.14.2-150600.3.3.1 | 4.14.2-150600.3.3.1 |
| – | ocaml | <= 4.14.2-150600.3.3.1 | 4.14.2-150600.3.3.1 |
| – | ocaml | <= 4.14.2-150600.3.3.1 | 4.14.2-150600.3.3.1 |
Original title
Security update for ocaml
Original description
This update for ocaml fixes the following issues:
- CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992).
- CVE-2026-28364: missing bounds validation in readblock() can lead to arbitrary code execution (bsc#1258992).
- https://www.suse.com/support/update/announcement/2026/suse-su-20260830-1/ Vendor Advisory
- https://bugzilla.suse.com/1258992 Third Party Advisory
- https://www.suse.com/security/cve/CVE-2026-28364 URL
Published: 5 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026