OSV-2020-1849

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/rdkit/OSV-2020-1849.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-1849

Published

2020-09-26T00:00:14.118761Z

Modified

2022-04-13T03:37:09.700307Z

Summary

Use-of-uninitialized-value in RDKit::SubstanceGroup::getBondType

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25906

Crash type: Use-of-uninitialized-value
Crash state:
RDKit::SubstanceGroup::getBondType
RDKit::SubstanceGroup::addCState
RDKit::SGroupParsing::ParseSGroupV2000SBVLine

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25906

Affected packages

OSS-Fuzz / rdkit

Package

Name: rdkit
Purl: pkg:generic/rdkit

Affected ranges

Type: GIT
Repo: https://github.com/rdkit/rdkit.git
Events: Introduced

a9010da8a4af17479c706f2cf4e8c6acdc1585ce

Fixed

193f27730c3b3bb5068e56858ea90a3ddcc92a8e

Fixed

c660758abce8852c99d7d7a167a9e0bd2168eb55

Affected versions

Other

Release_2020_09_1

Release_2020_09_1b1

Release_2020_09_2

Release_2020_09_3

Release_2020_09_4

Release_2020_09_5

Release_2021_03_1

Release_2021_03_1b1

Ecosystem specific

{
    "severity": "MEDIUM"
}

Database specific

{
    "fixed_range": "0b934953a264e0e8c59e31c009bf9cb285e978c4:193f27730c3b3bb5068e56858ea90a3ddcc92a8e"
}