CVE-2021-41689

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/DCMTK/dcmtk	Product Third Party Advisory
https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-06-28 13:15

Updated : 2024-06-28 19:15

NVD link : CVE-2021-41689

Mitre link : CVE-2021-41689

CVE.ORG link : CVE-2021-41689

JSON object : View

Products Affected

offis

dcmtk

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2021-41689", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-06-28T13:15:10.587", "references": [{"url": "https://github.com/DCMTK/dcmtk", "tags": ["Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack."}, {"lang": "es", "value": "DCMTK versiones hasta 3.6.6 no maneja apropiadamente la copia de cadenas. Al enviar peticiones espec\u00edficas al programa dcmqrdb, \u00e9ste consulta su base de datos y copia el resultado incluso si \u00e9ste es nulo, lo que puede incurrir en un desbordamiento en la regi\u00f3n head de la memoria. Un atacante puede usarlo para lanzar un ataque DoS"}], "lastModified": "2024-06-28T19:15:03.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F06D153-851C-4E6F-B524-2A8D40A8F634", "versionEndIncluding": "3.6.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}