Description
A vulnerability was detected in Open Babel up to 3.1.1. The affected element is the function OBAtom::SetFormalCharge in the header file include/openbabel/atom.h of the MOL2 File Handler component. The manipulation results in an out-of-bounds read. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a, and it should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.
References (7)
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.346651
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.346651
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.754379
Issue Tracking issue-tracking
https://github.com/openbabel/openbabel/issues/2848
Issue Tracking issue-tracking
patch
https://github.com/openbabel/openbabel/pull/2862
Various Sources exploit
https://github.com/oneafter/0128/blob/main/ob2/repro.mol2
Scores
CVSS v3: 4.3
EPSS: 0.0067
EPSS Percentile: 47.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-119, CWE-125
Status: published
Products (1)
openbabel/open_babel < 3.1.1
Published: Feb 19, 2026
Tracked Since: Feb 19, 2026