CVE-2021-41690 - OpenCVE

DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Offis	Dcmtk

Configuration 1 [-]

cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/DCMTK/dcmtk	Product Third Party Advisory
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-06-28T09:41:00

Updated: 2024-07-09T18:13:26.233Z

Reserved: 2021-09-27T00:00:00

Link: CVE-2021-41690

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-06-28T13:15:10.783

Modified: 2022-07-06T19:43:33.627

Link: CVE-2021-41690

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F06D153-851C-4E6F-B524-2A8D40A8F634", "versionEndIncluding": "3.6.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information are recorded in a global variable LST and are not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack."}, {"lang": "es", "value": "DCMTK versiones hasta 3.6.6 no maneja apropiadamente la memoria libre. La memoria mallocada para almacenar toda la informaci\u00f3n de los archivos es registrada en una variable global LST y no es liberada apropiadamente. El env\u00edo de peticiones espec\u00edficas al programa dcmqrdb puede incurrir en una p\u00e9rdida de memoria. Un atacante puede usarla para lanzar un ataque DoS"}], "id": "CVE-2021-41690", "lastModified": "2022-07-06T19:43:33.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-06-28T13:15:10.783", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/DCMTK/dcmtk"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}