DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
References
Link | Resource |
---|---|
https://github.com/DCMTK/dcmtk | Product Third Party Advisory |
https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-28T09:38:17
Updated: 2024-06-28T19:06:03.859496
Reserved: 2021-09-27T00:00:00
Link: CVE-2021-41689
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-28T13:15:10.587
Modified: 2022-07-06T19:44:04.263
Link: CVE-2021-41689
JSON object: View
Redhat Information
No data.
CWE