Out-of-Bounds Write Vulnerabilities in Open Babel's ORCA Format
CVE-2022-46289

9.8CRITICAL

Key Information:

Vendor: Open Babel
Status: Open Babel
Vendor: CVE Published:; 21 July 2023

What is CVE-2022-46289?

Open Babel versions 3.1.1 and the master commit 530dbfa3 are affected by multiple out-of-bounds write vulnerabilities in the ORCA format's nAtoms functionality. An attacker can exploit this by supplying a specially-crafted malformed file, which may lead to arbitrary code execution due to wrap-around issues in nAtoms calculation. The insufficient buffer allocation could enable the execution of malicious code, compromising the security and integrity of the affected system.

Affected Version(s)

Open Babel 3.1.1

Open Babel master commit 530dbfa3

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2023
Vulnerability Reserved
Nov 28, 2022

Credit

Discovered by Claudio Bozzato of Cisco Talos.

CVE-2022-46289 Data

JSON