CVE-2021-41687 - DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsi

CVE-2021-41687

Summary

DCMTK through 3.6.6 does not handle memory free properly. The program malloc a heap memory for parsing data, but does not free it when error in parsing. Sending specific requests to the dcmqrdb program incur the memory leak. An attacker can use it to launch a DoS attack.

References

Vulnerable Configurations

cpe:2.3:a:offis:dcmtk:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.5:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.6:*:*:*:*:*:*:*
cpe:2.3:a:offis:dcmtk:3.6.6:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 06-07-2022 - 19:44)
Impact:
Exploitability:

CWE

CWE-401

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

Last major update

06-07-2022 - 19:44

Published

28-06-2022 - 13:15

Last modified

06-07-2022 - 19:44