Re: OSEC-2026-01 in the OCaml runtime: Buffer Over-Read in OCaml Marshal Deserialization

Posted by Demi Marie Obenour on Mar 01

That is indeed true. However, unlike in many other languages, this does not directly allow arbitrary code execution. The only third-party code that runs during unmarshalling is the C code responsible for unmarshalling cus…