CVE-2022-46294

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Open Babel versions 3.1.1 and master commit 530dbfa3

Description The issue is related to out-of-bounds write vulnerabilities in the translationVectors parsing functionality. This can be triggered by a specially-crafted malformed file, potentially leading to arbitrary code execution. An attacker can exploit this by providing a malicious file. The vulnerability affects the MOPAC Cartesian file format.

Recommendations For Open Babel version 3.1.1, consider disabling the translationVectors parsing functionality until a patch is available. For Open Babel master commit 530dbfa3, restrict the use of the affected MOPAC Cartesian file format to minimize the risk of exploitation. Avoid using malicious or untrusted files with the affected software until the issue is resolved.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-119

Related Identifiers

BDU:2023-07499

CVE-2022-46294

Affected Products

Debian

Open Babel

CVE-2022-46294

Weakness Enumeration

Related Identifiers

Affected Products

References · 11