CVE-2022-46289

9.8 CRITICAL

📋 TL;DR

CVE-2022-46289 is a critical out-of-bounds write vulnerability in Open Babel's ORCA format parser that allows arbitrary code execution when processing malicious files. Users and applications that parse chemical file formats with vulnerable Open Babel versions are affected. Attackers can achieve remote code execution by tricking users or automated systems into opening specially crafted files.

💻 Affected Systems

Products:
  • Open Babel
Versions: 3.1.1 and master commit 530dbfa3 (likely affects earlier versions with ORCA format support)
Operating Systems: Linux, Windows, macOS, All platforms running Open Babel
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Open Babel library to parse chemical files, particularly ORCA format files, is vulnerable. This includes cheminformatics software, research tools, and automated processing pipelines.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with the attacker gaining complete control over the affected system, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case: Remote code execution in the context of the application or user processing the malicious file, allowing file system access, data exfiltration, and further exploitation.

🟢 If Mitigated: Denial of service or application crash if memory protections prevent code execution, but system integrity remains compromised.

🌐 Internet-Facing: HIGH - Any service accepting file uploads or processing user-provided chemical files could be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - Internal users could exploit via shared files or automated processing systems, but requires some level of access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires a specially crafted file but no authentication. Public technical details exist in the Talos reports, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Open Babel 3.1.2 or later

Vendor Advisory: https://github.com/openbabel/openbabel/security/advisories

Restart Required: Yes

Instructions:

1. Update Open Babel to version 3.1.2 or later.
2. Rebuild any applications using Open Babel as a library.
3. Restart affected services and applications.

🔧 Temporary Workarounds

Disable ORCA format parsing (platform: all)

Remove or disable ORCA format support in the Open Babel configuration so that the ORCA format handlers are excluded.

Input validation and sandboxing (platform: linux)

Implement strict file validation and run Open Babel in isolated containers, for example:

docker run --read-only --security-opt no-new-privileges openbabel-container

🧯 If You Can't Patch

  • Implement strict file upload validation rejecting ORCA format files
  • Run Open Babel processes with minimal privileges and in isolated environments

🔍 How to Verify

Check if Vulnerable:

Check the Open Babel version with 'obabel -V' or 'openbabel --version'. If the version is 3.1.1 or earlier, or a master build at or around commit 530dbfa3, the system is vulnerable.

Check Version:

obabel -V 2>&1 | head -1

Verify Fix Applied:

Confirm version is 3.1.2 or later using 'obabel -V'. Test with known safe ORCA format files to ensure functionality.
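The version check above, scripted as an added example (not part of this advisory): it parses the first line of 'obabel -V', compares it numerically against 3.1.2, and returns a distinct status when no version can be parsed so that unparseable output is reviewed rather than assumed safe. It assumes the banner's first line contains the dotted version; the sample banners in the comments and tests are constructed.

```shell
#!/bin/sh
# Added example: scripts the "Check if Vulnerable" step for CVE-2022-46289.
# Assumption: the first line of 'obabel -V' contains the dotted version, e.g.
# "Open Babel 3.1.1 -- Dec  2 2020 -- 12:00:00" (constructed sample banner).
FIXED_VERSION="3.1.2"   # first fixed release named in the advisory

# Print the first x.y.z token found in a banner line (nothing if none).
obabel_version_from_banner() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i <= NF; i++)
      if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+$/) { print $i; exit }
  }'
}
# Numeric dotted-version compare: prints -1, 0 or 1 for a<b, a==b, a>b.
version_cmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0; yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) { print "-1"; exit }
      if (xi > yi) { print "1"; exit }
    }
    print "0"
  }'
}
# Classify one banner line. Returns 0 = fixed (>= 3.1.2), 1 = vulnerable,
# 2 = no version parsed (flag for manual review rather than assuming safe).
classify_obabel_banner() {
  v=$(obabel_version_from_banner "$1")
  [ -n "$v" ] || return 2
  [ "$(version_cmp "$v" "$FIXED_VERSION")" -ge 0 ] || return 1
  return 0
}
# Check the obabel binary on PATH and report; exit status as above.
check_installed_obabel() {
  command -v obabel >/dev/null 2>&1 || { echo "UNKNOWN: obabel not on PATH"; return 2; }
  banner=$(obabel -V 2>&1 | head -1)
  classify_obabel_banner "$banner" && rc=0 || rc=$?
  case $rc in
    0) echo "OK: $banner (>= $FIXED_VERSION)" ;;
    1) echo "VULNERABLE to CVE-2022-46289: $banner" ;;
    *) echo "UNKNOWN: no version parsed from: $banner" ;;
  esac
  return $rc
}

if [ "${1:-}" = "--run" ]; then check_installed_obabel; fi
```

Run it with `--run` on each host, or source it and call classify_obabel_banner on banners collected by your fleet tooling.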

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unexpected process spawning from Open Babel
  • Large numbers of ORCA format file processing errors

Network Indicators:

  • Unexpected outbound connections from Open Babel processes
  • File uploads containing ORCA format to vulnerable services

SIEM Query:

(process_name:"obabel" OR process_name:"openbabel") AND (event_type:crash OR exit_code:139)

The process-name alternatives are parenthesized so that the AND applies to both names rather than only to "openbabel"; exit code 139 is 128 + 11, i.e. termination by SIGSEGV on Linux.
