{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openbabel-pip-up-to-3.1.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":["cpe:2.3:a:openbabel:open_babel:3.1.1:*:*:*:*:*:*:*"],"_cs_cves":[{"cvss":8.1,"id":"CVE-2022-43607"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Open Babel (up to 3.1.1)","openbabel (pip) (up to 3.1.1)"],"_cs_severities":["high"],"_cs_tags":["memory-safety","vulnerability","library","cve","file-parsing","chemistry","denial-of-service","code-execution"],"_cs_type":"threat","_cs_vendors":["Open Babel"],"content_html":"\u003cp\u003eCisco TALOS reported a critical memory-safety vulnerability, CVE-2022-43607, affecting Open Babel versions up to 3.1.1. This flaw resides within the MOL2 file format parser, specifically in the attribute/value parsing path. An attacker can craft a malicious MOL2 file containing an overly long attribute or value, which, when processed by the vulnerable Open Babel software, triggers an out-of-bounds write. This vulnerability is significant because Open Babel is a widely used C++ library and command-line interface (\u003ccode\u003eobabel\u003c/code\u003e) for manipulating chemistry file formats, often embedded in scientific applications and services. The vulnerability can be exploited when a victim opens a specially crafted MOL2 file using the \u003ccode\u003eobabel\u003c/code\u003e tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This can lead to memory corruption, denial of service, or potentially arbitrary code execution if successfully weaponized.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious MOL2 file containing an over-long attribute or value designed to exceed a fixed-size buffer.\u003c/li\u003e\n\u003cli\u003eThe attacker delivers this crafted MOL2 file to a target system or user (e.g., via email, web download, or shared storage).\u003c/li\u003e\n\u003cli\u003eThe victim opens or processes the malicious MOL2 file using the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, the \u003ccode\u003eOBConversion\u003c/code\u003e API, or one of Open Babel's language bindings.\u003c/li\u003e\n\u003cli\u003eOpen Babel's MOL2 parser attempts to parse the malicious file's attributes and values.\u003c/li\u003e\n\u003cli\u003eDuring parsing, the overly long data triggers an out-of-bounds write operation past the end of an allocated memory buffer.\u003c/li\u003e\n\u003cli\u003eThis memory corruption can lead to a crash of the Open Babel process, resulting in a denial of service (DoS).\u003c/li\u003e\n\u003cli\u003eWith sophisticated exploitation, this memory corruption could potentially be leveraged to achieve arbitrary code execution.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2022-43607 can result in memory corruption, leading to a denial of service (DoS) by crashing the application or tool processing the malicious MOL2 file. In more severe scenarios, it could enable arbitrary code execution, granting attackers control over the compromised system. While no specific in-the-wild exploitation has been observed, the widespread use of Open Babel in academic, research, and industrial sectors that handle chemical data means that a broad range of organizations could be affected. Any service or workstation that uses Open Babel to parse untrusted MOL2 files is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2022-43607 by updating Open Babel to version 3.2.0 or later immediately across all affected systems.\u003c/li\u003e\n\u003cli\u003eImplement process creation logging (e.g., Sysmon for Windows or Auditd for Linux) to activate the provided Sigma rule for \u003ccode\u003eobabel\u003c/code\u003e execution.\u003c/li\u003e\n\u003cli\u003eReview and tune the provided Sigma rule to monitor for unusual invocations of the \u003ccode\u003eobabel\u003c/code\u003e command-line tool, especially from untrusted sources or with uncommon parameters.\u003c/li\u003e\n\u003cli\u003eEducate users on the risks of opening untrusted or suspicious MOL2 files received from unknown sources, as user interaction is required for exploitation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-03T12:52:17Z","date_published":"2026-07-03T12:52:17Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/","summary":"A memory-safety vulnerability, CVE-2022-43607, in Open Babel's MOL2 parser allows an out-of-bounds write when processing a crafted input file, potentially leading to denial of service or arbitrary code execution.","title":"Open Babel MOL2 Parser Out-of-Bounds Write (CVE-2022-43607)","url":"https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/"}],"language":"en","title":"CraftedSignal Threat Feed - Openbabel (Pip) (Up to 3.1.1)","version":"https://jsonfeed.org/version/1.1"}