<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Openbabel (Pip) (Up to 3.1.1) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/openbabel-pip-up-to-3.1.1/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Fri, 03 Jul 2026 12:52:17 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/openbabel-pip-up-to-3.1.1/feed.xml" rel="self" type="application/rss+xml"/><item><title>Open Babel MOL2 Parser Out-of-Bounds Write (CVE-2022-43607)</title><link>https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/</link><pubDate>Fri, 03 Jul 2026 12:52:17 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openbabel-oob-write/</guid><description>A memory-safety vulnerability, CVE-2022-43607, in Open Babel's MOL2 parser allows an out-of-bounds write when processing a crafted input file, potentially leading to denial of service or arbitrary code execution.</description><content:encoded><![CDATA[<p>Cisco TALOS reported a critical memory-safety vulnerability, CVE-2022-43607, affecting Open Babel versions up to 3.1.1. This flaw resides within the MOL2 file format parser, specifically in the attribute/value parsing path. An attacker can craft a malicious MOL2 file containing an overly long attribute or value, which, when processed by the vulnerable Open Babel software, triggers an out-of-bounds write. This vulnerability is significant because Open Babel is a widely used C++ library and command-line interface (<code>obabel</code>) for manipulating chemistry file formats, often embedded in scientific applications and services. The vulnerability can be exploited when a victim opens a specially crafted MOL2 file using the <code>obabel</code> tool, the <code>OBConversion</code> API, or any of its language bindings (Python, Ruby, Java, R, Perl, C#, PHP). This can lead to memory corruption, denial of service, or potentially arbitrary code execution if successfully weaponized.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker crafts a malicious MOL2 file containing an over-long attribute or value designed to exceed a fixed-size buffer.</li>
<li>The attacker delivers this crafted MOL2 file to a target system or user (e.g., via email, web download, or shared storage).</li>
<li>The victim opens or processes the malicious MOL2 file using the <code>obabel</code> command-line tool, the <code>OBConversion</code> API, or one of Open Babel's language bindings.</li>
<li>Open Babel's MOL2 parser attempts to parse the malicious file's attributes and values.</li>
<li>During parsing, the overly long data triggers an out-of-bounds write operation past the end of an allocated memory buffer.</li>
<li>This memory corruption can lead to a crash of the Open Babel process, resulting in a denial of service (DoS).</li>
<li>With sophisticated exploitation, this memory corruption could potentially be leveraged to achieve arbitrary code execution.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2022-43607 can result in memory corruption, leading to a denial of service (DoS) by crashing the application or tool processing the malicious MOL2 file. In more severe scenarios, it could enable arbitrary code execution, granting attackers control over the compromised system. While no specific in-the-wild exploitation has been observed, the widespread use of Open Babel in academic, research, and industrial sectors that handle chemical data means that a broad range of organizations could be affected. Any service or workstation that uses Open Babel to parse untrusted MOL2 files is at risk.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2022-43607 by updating Open Babel to version 3.2.0 or later immediately across all affected systems.</li>
<li>Implement process creation logging (e.g., Sysmon for Windows or Auditd for Linux) to activate the provided Sigma rule for <code>obabel</code> execution.</li>
<li>Review and tune the provided Sigma rule to monitor for unusual invocations of the <code>obabel</code> command-line tool, especially from untrusted sources or with uncommon parameters.</li>
<li>Educate users on the risks of opening untrusted or suspicious MOL2 files received from unknown sources, as user interaction is required for exploitation.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">threat</category><category>memory-safety</category><category>vulnerability</category><category>library</category><category>cve</category><category>file-parsing</category><category>chemistry</category><category>denial-of-service</category><category>code-execution</category></item></channel></rss>