PT-2023-7022 · Unknown+1 · Open Babel+1
Claudio Bozzato
·
Published
2023-07-21
·
Updated
2023-07-27
·
CVE-2022-46293
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Open Babel versions 3.1.1 and master commit 530dbfa3
Description
The issue is related to out-of-bounds write vulnerabilities in the translationVectors parsing functionality, which can be triggered by a specially-crafted malformed file. This can lead to arbitrary code execution. The vulnerability affects the MOPAC file format, specifically inside the Final Point and Derivatives section. An attacker can exploit this by providing a malicious file.
Recommendations
For Open Babel version 3.1.1, consider disabling the translationVectors parsing functionality until a patch is available.
For Open Babel master commit 530dbfa3, restrict access to the MOPAC file format to minimize the risk of exploitation.
Avoid using the translationVectors parsing functionality in the affected formats until the issue is resolved.
Exploit
Fix
Memory Corruption
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Debian
Open Babel