Property
Language: ocaml
Severity: medium
CWE: CWE-502: Deserialization of Untrusted Data
Confidence Level: Low
Impact Level: High
Likelihood Level: Medium

Description

Using OCaml's Marshal module (Marshal.from_string, Marshal.from_bytes, Marshal.from_channel, or the Stdlib.input_value wrapper) to deserialize data from an untrusted source is unsafe because unmarshaling is neither type-safe nor integrity-protected. The unmarshaling functions return a polymorphic 'a, so the type the caller ascribes to the result is an unchecked cast: the runtime validates the header's magic number and declared sizes and rejects some malformed encodings, but it never checks that the decoded bytes describe a value of the expected type. The format also carries no authentication, so anyone who can write to the socket, file or cache being read can substitute a crafted blob. Values marshaled with the Marshal.Closures flag additionally embed code pointers that are only meaningful inside the exact same binary. An attacker who controls the input can therefore hand the program a value whose in-memory layout does not match the type the code assumes.

Impact

Operating on such a mismatched value is undefined behaviour: an attacker could trigger out-of-bounds reads, crash the process, or, particularly where closures are unmarshaled, execute arbitrary code. This can lead to data leaks or full system compromise and puts both application integrity and user data at significant risk.
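The following is an added example, not code from the original rule page or from any OCaml library: it shows the flagged pattern next to a hardened replacement that parses an explicit, bounds-checked wire format instead of trusting Marshal to reconstruct a value of the right type. The record type `user`, the functions `load_user_unsafe`, `decode_user` and `encode_user`, the wire format and the limit `max_name_len` are all illustrative assumptions.

```ocaml
(* Added example (not from the original page): the pattern this rule flags
   and a hardened replacement. [user], [load_user_unsafe], [decode_user],
   [encode_user], [max_name_len] and the wire format are illustrative.
   Build with: ocamlopt marshal_demo.ml -o marshal_demo *)

type user = { name : string; admin : bool }

(* Flagged pattern. [data] arrives from an untrusted source (socket, upload,
   shared cache). Marshal.from_string returns ['a], so the [: user] annotation
   is an unchecked cast: the runtime never verifies that the blob describes a
   record with one string field and one bool field. *)
let load_user_unsafe (data : string) : user =
  Marshal.from_string data 0

(* Hardened replacement: decode an explicit, length-checked wire format
   (assumed here for illustration):
     byte 0        version, must be 1
     byte 1        admin flag, 0 or 1
     bytes 2..3    big-endian length n of [name], n <= max_name_len
     bytes 4..4+n  name, printable ASCII only
   Every field is validated before use; anything else is rejected with
   [Error] instead of being turned into an ill-typed value. *)
let max_name_len = 256

let printable_ascii s =
  let ok = ref true in
  String.iter
    (fun c -> let x = Char.code c in if x < 0x20 || x > 0x7e then ok := false)
    s;
  !ok

let decode_user (data : string) : (user, string) result =
  let len = String.length data in
  if len < 4 then Error "truncated header"
  else if Char.code data.[0] <> 1 then Error "unsupported version"
  else
    let admin_byte = Char.code data.[1] in
    if admin_byte > 1 then Error "invalid admin flag"
    else
      let n = (Char.code data.[2] lsl 8) lor Char.code data.[3] in
      if n > max_name_len then Error "name too long"
      else if len <> 4 + n then Error "length mismatch"
      else
        let name = String.sub data 4 n in
        if not (printable_ascii name) then Error "name contains non-printable bytes"
        else Ok { name; admin = (admin_byte = 1) }

(* Producer side of the same format, so the round trip can be checked. *)
let encode_user (u : user) : string =
  let n = String.length u.name in
  if n > max_name_len then invalid_arg "encode_user: name too long";
  let b = Buffer.create (4 + n) in
  Buffer.add_char b '\001';
  Buffer.add_char b (if u.admin then '\001' else '\000');
  Buffer.add_char b (Char.chr (n lsr 8));
  Buffer.add_char b (Char.chr (n land 0xff));
  Buffer.add_string b u.name;
  Buffer.contents b

let () =
  let alice = { name = "alice"; admin = false } in
  (* Round trip through the explicit format. *)
  assert (decode_user (encode_user alice) = Ok alice);
  (* Constructed hostile input: a Marshal blob of the int 42. Passing it to
     [load_user_unsafe] would yield a "user" whose in-memory representation is
     an immediate int; reading [.name] from it is undefined behaviour
     (typically a segfault), so it is deliberately not executed here. The
     hardened decoder just rejects it. *)
  let hostile = Marshal.to_string 42 [] in
  (match decode_user hostile with
   | Error msg -> Printf.printf "hardened decoder rejected the blob: %s\n" msg
   | Ok _ -> print_endline "unexpected: blob accepted");
  (* Tampered admin flag: a byte outside {0,1} is rejected instead of being
     silently coerced into a bool. *)
  let tampered = Bytes.of_string (encode_user alice) in
  Bytes.set tampered 1 '\007';
  (match decode_user (Bytes.to_string tampered) with
   | Error msg -> Printf.printf "rejected tampered flag: %s\n" msg
   | Ok _ -> print_endline "unexpected: tampered blob accepted")
```

If Marshal cannot be avoided (for example, a cache written and read by the same binary), treat the blob as opaque until its origin has been verified: authenticate it with a keyed MAC computed over the whole blob and compare the tag before calling Marshal.from_string, never accept Marshal.Closures data produced by a different binary, and keep the unmarshaling code path away from any input a remote party can influence.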