CVE-2022-46280

2023-07-2121:15:10

CWE-824

[email protected]

web.nvd.nist.gov

cve-2022-46280

uninitialized pointer

pqs format

open babel 3.1.1

code execution

security vulnerability

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.2%

JSON

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

openbabelopen_babelRange≤3.1.1

openbabelopen_babelRange≤master commit 530dbfa3

CPENameOperatorVersion
openbabel:open_babelopenbabel open babeleq3.1.1

CPE	Name	Operator	Version
openbabel:open_babel	openbabel open babel	eq	3.1.1

CNA Affected

[
  {
    "vendor": "Open Babel",
    "product": "Open Babel",
    "versions": [
      {
        "version": "3.1.1",
        "status": "affected"
      },
      {
        "version": "master commit 530dbfa3",
        "status": "affected"
      }
    ]
  }
]