Skip to content

Commit 4606e55

Browse files
1 parent e8c99e1 commit 4606e55

3 files changed

Lines changed: 165 additions & 56 deletions

File tree

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9p6c-jcw8-x98f",
4+
"modified": "2026-06-30T21:26:53Z",
5+
"published": "2025-09-26T03:31:07Z",
6+
"withdrawn": "2026-06-30T21:26:53Z",
7+
"aliases": [],
8+
"summary": "Duplicate Advisory: Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles",
9+
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-j35x-w4gj-pf7w. This link is maintained to preserve external references.\n\n## Original Description\nA vulnerability was detected in Open Babel up to 3.1.1. This issue affects the function OBSmilesParser::ParseSmiles of the file /src/formats/smilesformat.cpp. Performing manipulation results in heap-based buffer overflow. The attack needs to be approached locally. The exploit is now public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
{
22+
"package": {
23+
"ecosystem": "PyPI",
24+
"name": "openbabel"
25+
},
26+
"ranges": [
27+
{
28+
"type": "ECOSYSTEM",
29+
"events": [
30+
{
31+
"introduced": "0"
32+
},
33+
{
34+
"fixed": "3.2.0"
35+
}
36+
]
37+
}
38+
]
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "ADVISORY",
44+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10996"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/openbabel/openbabel/issues/2831"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://github.com/user-attachments/files/22318556/poc.zip"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://vuldb.com/?ctiid.325924"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://vuldb.com/?id.325924"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://vuldb.com/?submit.654060"
65+
}
66+
],
67+
"database_specific": {
68+
"cwe_ids": [
69+
"CWE-119"
70+
],
71+
"severity": "LOW",
72+
"github_reviewed": true,
73+
"github_reviewed_at": "2026-06-30T21:26:53Z",
74+
"nvd_published_at": "2025-09-26T03:15:43Z"
75+
}
76+
}
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j35x-w4gj-pf7w",
4+
"modified": "2026-06-30T21:27:29Z",
5+
"published": "2026-06-30T21:27:29Z",
6+
"aliases": [
7+
"CVE-2025-10996"
8+
],
9+
"summary": "Open Babel has heap buffer overflow in SMILES OBSmilesParser::ParseSmiles",
10+
"details": "### Summary\n\nA memory-safety vulnerability in Open Babel's SMILES parser caused a\nheap buffer overflow when reading a crafted input string.\n\n### Details\n\nThe flaw was in `OBSmilesParser::ParseSmiles`. A malformed SMILES\ninput caused the parser to write past the end of a heap-allocated\nbuffer.\n\n### Impact\n\nOpen Babel is a C++ library and CLI used to read and write chemistry\nfile formats; it is shipped by Linux distributions and embedded in\nservices that may parse untrusted input. Triggering this vulnerability\nrequires the victim to parse a malicious SMILES string with the\n`obabel` tool, the `OBConversion` API, or any of the language\nbindings (Python, Ruby, Java, R, Perl, C#, PHP). SMILES strings are\ncommonly passed on the command line and through scripted pipelines,\nso this primitive is especially reachable.\n\n### Affected versions\n\nAll releases up to and including 3.1.1.\n\n### Patched version\n\n3.2.0 (released 2026-05-26).\n\n### Patch\n\nFix commit: https://github.com/openbabel/openbabel/commit/b34cd604\nOriginally reported as #2831; fixes consolidated in #2913.\n\nA minimized reproducer for this CVE is checked in under\n`test/files/fuzz_regress/` and is exercised on every CI build under\nASAN+UBSAN by the `fuzzregresstest` harness.\n\n### Credit\n\nReported via OSS-Fuzz.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "openbabel"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "3.2.0"
32+
}
33+
]
34+
}
35+
]
36+
}
37+
],
38+
"references": [
39+
{
40+
"type": "WEB",
41+
"url": "https://github.com/openbabel/openbabel/security/advisories/GHSA-j35x-w4gj-pf7w"
42+
},
43+
{
44+
"type": "ADVISORY",
45+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10996"
46+
},
47+
{
48+
"type": "WEB",
49+
"url": "https://github.com/openbabel/openbabel/issues/2831"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/openbabel/openbabel/pull/2913"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/openbabel/openbabel/commit/b34cd604"
58+
},
59+
{
60+
"type": "PACKAGE",
61+
"url": "https://github.com/openbabel/openbabel"
62+
},
63+
{
64+
"type": "WEB",
65+
"url": "https://github.com/user-attachments/files/22318556/poc.zip"
66+
},
67+
{
68+
"type": "WEB",
69+
"url": "https://vuldb.com/?ctiid.325924"
70+
},
71+
{
72+
"type": "WEB",
73+
"url": "https://vuldb.com/?id.325924"
74+
},
75+
{
76+
"type": "WEB",
77+
"url": "https://vuldb.com/?submit.654060"
78+
}
79+
],
80+
"database_specific": {
81+
"cwe_ids": [
82+
"CWE-119"
83+
],
84+
"severity": "HIGH",
85+
"github_reviewed": true,
86+
"github_reviewed_at": "2026-06-30T21:27:29Z",
87+
"nvd_published_at": null
88+
}
89+
}

advisories/unreviewed/2025/09/GHSA-9p6c-jcw8-x98f/GHSA-9p6c-jcw8-x98f.json

Lines changed: 0 additions & 56 deletions
This file was deleted.

0 commit comments

Comments
 (0)