numerous vulnerabilities reported by cisco TALOS #2650
Cisco contacted me with a short window to fix these. Considering openbabel is used primarily in informatics, I'm not sure what some of these vulnerabilities get you. You craft a specific Gaussian output file that allows you to hijack the I don't want to downplay these - they're definitely bugs and should be fixed before the next release. But
I guess a potential attack vector would be if someone were running a publicly exposed webapp that did conversions, and an attacker combined it with a privilege escalation vulnerability, they would have control of the server.
This has been brought up by the Debian security team as well: https://bugs.debian.org/1059277
Hi, a number of CVEs have been issued against openbabel by Cisco's security research unit:
With these advisories:
Did Cisco ever contact this repository's owners about these vulnerabilities? Are they valid? Are any fixed?