CVE-2022-43467

9.8 CRITICAL

📋 TL;DR

This critical vulnerability in Open Babel allows arbitrary code execution through an out-of-bounds write when processing specially crafted PQS format files. Attackers can exploit this by providing malicious files to trigger the vulnerability. All systems running vulnerable versions of Open Babel that process untrusted PQS files are affected.

💻 Affected Systems

Products:
  • Open Babel
Versions: 3.1.1 and master commit 530dbfa3
Operating Systems: All platforms running Open Babel
Default Config Vulnerable: ⚠️ Yes
Notes: Any system that processes PQS format files with Open Babel is vulnerable. This includes chemical informatics systems, research software, and applications using Open Babel for chemical file conversion.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to execute arbitrary commands, install malware, or pivot to other systems in the network.

🟢 If Mitigated

Limited impact if proper input validation and file processing restrictions are in place, potentially reduced to denial of service.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires only a malicious file to trigger, making exploitation straightforward. A public proof-of-concept exists in the Talos Intelligence report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Open Babel 3.1.2 or later

Vendor Advisory: https://github.com/openbabel/openbabel/security/advisories/GHSA-4j4x-7p99-6jxf

Restart Required: No

Instructions:

1. Update Open Babel to version 3.1.2 or later.
2. For Linux systems: Use package manager (apt-get update && apt-get upgrade openbabel).
3. For source installations: Download latest version from GitHub and recompile.
4. Verify the update with 'obabel --version'.

🔧 Temporary Workarounds

Disable PQS file processing

Platform: all

Configure Open Babel to reject or skip PQS format files:

obabel -L formats | grep -i pqs
# Review and modify configuration to exclude PQS format
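
One way to enforce the "reject or skip PQS" workaround at the command line, as an added example (not Open Babel's or the advisory's own code). It assumes obabel chooses the input reader from a `-i<format-ID>` option or from the file extension, optionally with a `.gz` suffix; the function names `pqs_args_blocked` and `safe_obabel` are hypothetical.

```shell
#!/bin/sh
# Added example (not project code): refuse PQS input before obabel parses it.
# Assumption: obabel selects the reader from -i<ID> / "-i <ID>" or, failing
# that, from the file extension, with an optional .gz suffix.

# Return 0 when the arguments select or name PQS input, 1 otherwise.
pqs_args_blocked() {
    expect_fmt=0                       # 1 right after a bare "-i"
    for arg in "$@"; do
        # Compare case-insensitively: "-iPQS" and "X.PQS" are also refused.
        lower=$(printf '%s' "$arg" | tr '[:upper:]' '[:lower:]')
        if [ "$expect_fmt" -eq 1 ]; then
            expect_fmt=0
            if [ "$lower" = "pqs" ]; then return 0; fi
        fi
        case "$arg" in
            -i)  expect_fmt=1; continue ;;   # format ID is the next argument
            -i*) if [ "$lower" = "-ipqs" ]; then return 0; fi ;;
        esac
        # Fail closed on any *.pqs path, including an output file name.
        case "$lower" in
            *.pqs|*.pqs.gz) return 0 ;;
        esac
    done
    return 1
}

# Drop-in wrapper: exit status 2 means the request was refused, not run.
safe_obabel() {
    if pqs_args_blocked "$@"; then
        echo "safe_obabel: PQS input refused (CVE-2022-43467)" >&2
        return 2
    fi
    command obabel "$@"
}
```

The guard looks only at arguments, not file contents, so it belongs alongside the sandboxing workaround rather than in place of it.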

Input validation and sandboxing

Platform: linux

Implement strict file validation and run Open Babel in a restricted environment:

# Use chroot, containers, or AppArmor/SELinux to restrict Open Babel

🧯 If You Can't Patch

  • Implement strict file upload controls and only allow trusted PQS files
  • Isolate Open Babel processes using containerization or virtualization

🔍 How to Verify

Check if Vulnerable:

Check Open Babel version with 'obabel --version' and compare to affected versions (3.1.1 or master commit 530dbfa3).

Check Version:

obabel --version

Verify Fix Applied:

Verify version is 3.1.2 or later with 'obabel --version' and test with sample PQS files from the Talos report.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or crashes in Open Babel processes
  • Unusual file processing of PQS format files
  • Suspicious command execution following file processing

Network Indicators:

  • Unexpected outbound connections from systems running Open Babel
  • File uploads to systems with Open Babel

SIEM Query:

Process:obabel AND (EventID:1000 OR EventID:1001) OR FileExtension:pqs
