OSV-2020-1366

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/rdkit/OSV-2020-1366.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-1366

Published

2020-07-28T00:00:03.076252Z

Modified

2022-04-13T03:29:38.667934Z

Summary

Heap-use-after-free in RDKit::SubstanceGroup::addParentAtomWithBookmark

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24406

Crash type: Heap-use-after-free READ 4
Crash state:
RDKit::SubstanceGroup::addParentAtomWithBookmark
RDKit::SGroupParsing::ParseSGroupV2000VectorDataLine
RDKit::ParseMolBlockProperties

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24406

Affected packages

OSS-Fuzz / rdkit

Package

Name: rdkit
Purl: pkg:generic/rdkit

Affected ranges

Type: GIT
Repo: https://github.com/rdkit/rdkit.git
Events: Introduced

a9010da8a4af17479c706f2cf4e8c6acdc1585ce

Fixed

193f27730c3b3bb5068e56858ea90a3ddcc92a8e

Fixed

c660758abce8852c99d7d7a167a9e0bd2168eb55

Affected versions

Other

Release_2020_09_1

Release_2020_09_1b1

Release_2020_09_2

Release_2020_09_3

Release_2020_09_4

Release_2020_09_5

Release_2021_03_1

Release_2021_03_1b1

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "fixed_range": "0b934953a264e0e8c59e31c009bf9cb285e978c4:193f27730c3b3bb5068e56858ea90a3ddcc92a8e"
}