Skip to content

Commit 6b15bde

Browse files
1 parent f23ff39 commit 6b15bde

3 files changed

Lines changed: 166 additions & 56 deletions

File tree

Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5fgf-q57f-wwqf",
4+
"modified": "2026-06-30T18:48:51Z",
5+
"published": "2025-09-26T03:31:07Z",
6+
"withdrawn": "2026-06-30T18:48:51Z",
7+
"aliases": [],
8+
"summary": "Duplicate Advisory: Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule",
9+
"details": "## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-pp85-5j63-xpq3. This link is maintained to preserve external references.\n\n## Original Description\nA weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [
21+
{
22+
"package": {
23+
"ecosystem": "PyPI",
24+
"name": "openbabel"
25+
},
26+
"ranges": [
27+
{
28+
"type": "ECOSYSTEM",
29+
"events": [
30+
{
31+
"introduced": "0"
32+
},
33+
{
34+
"fixed": "3.2.0"
35+
}
36+
]
37+
}
38+
]
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "ADVISORY",
44+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10994"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/openbabel/openbabel/issues/2834"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://github.com/user-attachments/files/22318611/poc.zip"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://vuldb.com/?ctiid.325922"
57+
},
58+
{
59+
"type": "WEB",
60+
"url": "https://vuldb.com/?id.325922"
61+
},
62+
{
63+
"type": "WEB",
64+
"url": "https://vuldb.com/?submit.654057"
65+
}
66+
],
67+
"database_specific": {
68+
"cwe_ids": [
69+
"CWE-119"
70+
],
71+
"severity": "LOW",
72+
"github_reviewed": true,
73+
"github_reviewed_at": "2026-06-30T18:48:51Z",
74+
"nvd_published_at": "2025-09-26T02:15:52Z"
75+
}
76+
}
Lines changed: 90 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,90 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-pp85-5j63-xpq3",
4+
"modified": "2026-06-30T18:48:57Z",
5+
"published": "2026-06-30T18:48:57Z",
6+
"aliases": [
7+
"CVE-2025-10994"
8+
],
9+
"summary": "Open Babel has Use-after-free in GAMESS GAMESSOutputFormat::ReadMolecule",
10+
"details": "### Summary\n\nA memory-safety vulnerability in Open Babel's GAMESS output parser\ncaused a use-after-free when reading a crafted input file.\n\n### Details\n\nThe flaw was in `GAMESSOutputFormat::ReadMolecule`. A malformed input\ncaused the parser to dereference a stale pointer after the underlying\nobject had been freed.\n\n### Impact\n\nOpen Babel is a C++ library and CLI used to read and write chemistry\nfile formats; it is shipped by Linux distributions and embedded in\nservices that may parse untrusted input. Triggering this vulnerability\nrequires the victim to open a malicious GAMESS output file with the\n`obabel` tool, the `OBConversion` API, or any of the language\nbindings (Python, Ruby, Java, R, Perl, C#, PHP).\n\n### Affected versions\n\nAll releases up to and including 3.1.1.\n\n### Patched version\n\n3.2.0 (released 2026-05-26).\n\n### Patch\n\nFix commit: https://github.com/openbabel/openbabel/commit/95033d27\nOriginally reported as #2834; fixes consolidated in #2913.\n\nA minimized reproducer for this CVE is checked in under\n`test/files/fuzz_regress/` and is exercised on every CI build under\nASAN+UBSAN by the `fuzzregresstest` harness.\n\n### Credit\n\nReported via OSS-Fuzz.",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
15+
},
16+
{
17+
"type": "CVSS_V4",
18+
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
19+
}
20+
],
21+
"affected": [
22+
{
23+
"package": {
24+
"ecosystem": "PyPI",
25+
"name": "openbabel"
26+
},
27+
"ranges": [
28+
{
29+
"type": "ECOSYSTEM",
30+
"events": [
31+
{
32+
"introduced": "0"
33+
},
34+
{
35+
"fixed": "3.2.0"
36+
}
37+
]
38+
}
39+
]
40+
}
41+
],
42+
"references": [
43+
{
44+
"type": "WEB",
45+
"url": "https://github.com/openbabel/openbabel/security/advisories/GHSA-pp85-5j63-xpq3"
46+
},
47+
{
48+
"type": "ADVISORY",
49+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10994"
50+
},
51+
{
52+
"type": "WEB",
53+
"url": "https://github.com/openbabel/openbabel/issues/2834"
54+
},
55+
{
56+
"type": "WEB",
57+
"url": "https://github.com/openbabel/openbabel/commit/95033d27d23c07f98daa92d3cd3ae5ea07594a91"
58+
},
59+
{
60+
"type": "PACKAGE",
61+
"url": "https://github.com/openbabel/openbabel"
62+
},
63+
{
64+
"type": "WEB",
65+
"url": "https://github.com/user-attachments/files/22318611/poc.zip"
66+
},
67+
{
68+
"type": "WEB",
69+
"url": "https://vuldb.com/?ctiid.325922"
70+
},
71+
{
72+
"type": "WEB",
73+
"url": "https://vuldb.com/?id.325922"
74+
},
75+
{
76+
"type": "WEB",
77+
"url": "https://vuldb.com/?submit.654057"
78+
}
79+
],
80+
"database_specific": {
81+
"cwe_ids": [
82+
"CWE-119",
83+
"CWE-416"
84+
],
85+
"severity": "LOW",
86+
"github_reviewed": true,
87+
"github_reviewed_at": "2026-06-30T18:48:57Z",
88+
"nvd_published_at": null
89+
}
90+
}

advisories/unreviewed/2025/09/GHSA-5fgf-q57f-wwqf/GHSA-5fgf-q57f-wwqf.json

Lines changed: 0 additions & 56 deletions
This file was deleted.

0 commit comments

Comments
 (0)