CVE-2022-41793

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 through master commit 530dbfa3

Description An out-of-bounds write issue exists in the CSR format title functionality. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this issue.

Recommendations For Open Babel version 3.1.1, consider avoiding the use of the CSR format title functionality until a patch is available. For Open Babel master commit 530dbfa3, restrict the processing of malformed files to minimize the risk of exploitation. As a temporary workaround, consider disabling the functionality that handles CSR format titles until a fix is released.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-120

Related Identifiers

BDU:2023-04747

CVE-2022-41793

Affected Products

Debian

Open Babel

CVE-2022-41793

Weakness Enumeration

Related Identifiers

Affected Products

References · 11