CVE-2022-43607: 
Linux Debian vulnerability analysis and mitigation

An out-of-bounds write vulnerability (CVE-2022-43607) was discovered in Open Babel 3.1.1 and master commit 530dbfa3. The vulnerability exists in the MOL2 format attribute and value functionality. Open Babel is a popular library for converting chemical file formats, supporting approximately 130 different file formats and implementing bindings for several programming languages (Talos Report).

The vulnerability occurs in the MOL2 format parsing functionality during ReadMolecule operation. The issue stems from the use of sscanf with an unconstrained '%s' format specifier when processing input files. Two char arrays of size 32 are defined for attr and val buffers, but the sscanf operation can write beyond these bounds, leading to a stack buffer overflow. The vulnerability has received a CVSS v3.1 base score of 8.1 (HIGH) with the vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (Talos Report).

If successfully exploited, this vulnerability could lead to arbitrary code execution on the affected system. The impact is particularly significant because Open Babel is widely used in online chemical format converters and molecule viewers, making it potentially accessible via network (Talos Report).

As of the public disclosure, no official patch has been released by the maintainer during the standard 90-day disclosure window. The vendor was initially contacted on December 20, 2022, and the vulnerability was disclosed to them on January 12, 2023 (Talos Report).