918567 – (CVE-2022-37331, CVE-2022-41793, CVE-2022-42885, CVE-2022-43467, CVE-2022-43607, CVE-2022-44451, CVE-2022-46280, CVE-2022-46289, CVE-2022-46290, CVE-2022-46291, CVE-2022-46292, CVE-2022-46293, CVE-2022-46294, CVE-2022-46295) sci-chemistry/openbabel: multiple vulnerabilities
Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 918567 (CVE-2022-37331, CVE-2022-41793, CVE-2022-42885, CVE-2022-43467, CVE-2022-43607, CVE-2022-44451, CVE-2022-46280, CVE-2022-46289, CVE-2022-46290, CVE-2022-46291, CVE-2022-46292, CVE-2022-46293, CVE-2022-46294, CVE-2022-46295) - sci-chemistry/openbabel: multiple vulnerabilities
Summary: sci-chemistry/openbabel: multiple vulnerabilities
Status: CONFIRMED
Alias: CVE-2022-37331, CVE-2022-41793, CVE-2022-42885, CVE-2022-43467, CVE-2022-43607, CVE-2022-44451, CVE-2022-46280, CVE-2022-46289, CVE-2022-46290, CVE-2022-46291, CVE-2022-46292, CVE-2022-46293, CVE-2022-46294, CVE-2022-46295
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://github.com/openbabel/openbabe...
Whiteboard: B2 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-25 22:45 UTC by John Helmert III
Modified: 2023-11-25 22:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 22:45:51 UTC
CVE-2022-46293 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666):

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section

CVE-2022-46294 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666):

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC Cartesian file format

CVE-2022-46295 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666):

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format

CVE-2022-37331 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672):

An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-41793 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667):

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-42885 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668):

A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43467 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671):

An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-43607 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664):

An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-44451 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669):

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-46280 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670):

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-46289 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665):

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculation wrap-around, leading to a small buffer allocation

CVE-2022-46290 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665):

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that stores the coordinates does not check its index against nAtoms

CVE-2022-46291 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666):

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MSI file format

CVE-2022-46292 (https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666):

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 22:51:53 UTC
Asking upstream: https://github.com/openbabel/openbabel/issues/2650