ID CVE-2021-41689
Summary DCMTK through 3.6.6 does not handle string copy properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result even if the result is null, which can cause a heap-based overflow. An attacker can use this to launch a DoS attack.
References
Vulnerable Configurations
  • cpe:2.3:a:offis:dcmtk:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:offis:dcmtk:3.6.6:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 06-07-2022 - 19:44)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
Last major update 06-07-2022 - 19:44
Published 28-06-2022 - 13:15
Last modified 06-07-2022 - 19:44