CVE-2022-37331

7.3 HIGH

📋 TL;DR

An out-of-bounds write vulnerability in Open Babel's Gaussian format orientation functionality allows arbitrary code execution when processing malicious files. This affects Open Babel 3.1.1 and development versions, potentially impacting any application or service that uses Open Babel for chemical file format conversion.

💻 Affected Systems

Products:
  • Open Babel
Versions: 3.1.1 and development versions including master commit 530dbfa3
Operating Systems: All platforms running Open Babel
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Open Babel for Gaussian format file processing is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with remote code execution leading to data theft, ransomware deployment, or complete system takeover.

🟠

Likely Case

Local privilege escalation or application compromise when users process untrusted chemical files.

🟢

If Mitigated

Denial of service or application crash if memory protections prevent code execution.

🌐 Internet-Facing: MEDIUM - Requires file upload/processing capability; not directly network exploitable.
🏢 Internal Only: MEDIUM - Users must process malicious files; risk depends on file processing workflows.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to process a malicious Gaussian format file; Talos Intelligence has published detailed analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Open Babel 3.1.2 or later

Vendor Advisory: https://github.com/openbabel/openbabel/security/advisories

Restart Required: Yes

Instructions:

1. Update Open Babel to version 3.1.2 or later.
2. Recompile any applications using Open Babel libraries.
3. Restart affected services.

🔧 Temporary Workarounds

Disable Gaussian format processing

Platforms: all

Remove or disable Gaussian format support in Open Babel configuration

# Recompile Open Babel with --disable-gaussian flag
# Or modify configuration to reject .gau/.gjf files

Input validation

Platforms: all

Implement strict file validation before passing to Open Babel

# Add file type verification in calling applications
# Reject files with suspicious Gaussian format characteristics

🧯 If You Can't Patch

  • Implement strict file upload controls and sandbox Open Babel processing
  • Use application allowlisting to prevent execution of unknown binaries

🔍 How to Verify

Check if Vulnerable:

Check the Open Babel version with obabel -V. If the version is 3.1.1, or a development build at or near commit 530dbfa3, the system is vulnerable.

Check Version:

obabel -V

Verify Fix Applied:

Verify Open Babel version is 3.1.2 or later (the pattern anchors on the "Open Babel" banner, escapes the dots and accepts two-digit patch levels, so 3.1.10 is not misread): obabel -V | grep -qE 'Open Babel (3\.1\.([2-9]|[1-9][0-9]+)|3\.[2-9]|[4-9]\.)'

📡 Detection & Monitoring

Log Indicators:

  • Open Babel process crashes with segmentation faults
  • Unexpected child process spawning from Open Babel
  • Abnormal file processing of Gaussian format files

Network Indicators:

  • File uploads with Gaussian format extensions (.gau, .gjf) to processing services

SIEM Query:

(process_name:"obabel" AND event_type:"crash") OR parent_process:"obabel"
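The version check above and the sandboxing workaround, as an added example that is not part of this advisory or of the Open Babel project: a Python wrapper that parses obabel -V with a proper tuple comparison, runs the converter in a resource-limited child process, and classifies a signal death (the segmentation-fault log indicator listed above) as a security event. The function names, the 512 MB/30 s limits and the assumption that obabel is on PATH are the example's own.

```python
import re
import resource
import signal
import subprocess

FIXED_VERSION = (3, 1, 2)  # first fixed release named in the advisory

def parse_obabel_version(output):
    """Return (major, minor, patch) from `obabel -V` output such as
    'Open Babel 3.1.1 -- Jun 30 2020 -- 14:41:32', or None if absent."""
    m = re.search(r"Open Babel (\d+)\.(\d+)\.(\d+)", output)
    return tuple(int(x) for x in m.groups()) if m else None

def is_fixed(output):
    """Tuple comparison, so 3.1.10 compares correctly (a naive regex would not)."""
    version = parse_obabel_version(output)
    return version is not None and version >= FIXED_VERSION

def _limit_child():
    # Runs in the child just before exec: cap address space and CPU so a
    # corrupted parser cannot exhaust the host, and disable core dumps so a
    # crash does not write the malicious input's memory image to disk.
    for res, limit in ((resource.RLIMIT_AS, 512 * 2**20),
                       (resource.RLIMIT_CPU, 30),
                       (resource.RLIMIT_CORE, 0)):
        _, hard = resource.getrlimit(res)
        if hard != resource.RLIM_INFINITY:
            limit = min(limit, hard)  # never raise above an existing hard cap
        resource.setrlimit(res, (limit, limit))

def run_converter(cmd, timeout=60):
    """Run a converter command line in an isolated child and classify it as
    'ok', 'error', 'timeout' or 'crash:<SIGNAME>'. A signal death such as
    crash:SIGSEGV is the crash indicator the advisory lists: log it as a
    security event and quarantine the input rather than retrying."""
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL,
                              capture_output=True, timeout=timeout,
                              preexec_fn=_limit_child)
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:
        return "crash:" + signal.Signals(-proc.returncode).name
    return "ok" if proc.returncode == 0 else "error"

def convert_untrusted(src, dst):
    """Convert an untrusted chemical file with obabel (assumed on PATH);
    obabel selects the reader from the file extension."""
    return run_converter(["obabel", src, "-O", dst])
```

Feed a "crash:" result straight into the SIEM as the crash event the query above looks for, and keep the offending file for analysis.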

🔗 References
