Open Babel 3.1.1: Out-of-bounds read in MOL2 File Handler

Summary

A security issue was found in Open Babel's MOL2 File Handler. This could allow an attacker to access sensitive data. Open Babel's developers have released a patch to fix this issue, which you should apply to your version to stay secure.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
openbabel	open_babel	<= 3.1.1	–

Original title

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The ...

Original description

A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.

nvd CVSS2.0 5.0

nvd CVSS3.1 8.1

nvd CVSS4.0 5.3

Vulnerability type

CWE-119 Buffer Overflow

CWE-125 Out-of-bounds Read

https://github.com/VedantMadane/openbabel/commit/e23a224b8fd9d7c2a7cde9ef4ec6afb...
https://github.com/oneafter/0128/blob/main/ob2/repro.mol2 Exploit
https://github.com/openbabel/openbabel/issues/2848 Exploit Issue Tracking
https://github.com/openbabel/openbabel/pull/2862
https://vuldb.com/?ctiid.346651 Permissions Required VDB Entry
https://vuldb.com/?id.346651 Third Party Advisory VDB Entry
https://vuldb.com/?submit.754379 Third Party Advisory VDB Entry