Vulnerability Details : CVE-2021-41689
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
Vulnerability category: Denial of service
Products affected by CVE-2021-41689
- cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41689
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41689
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-08-01 |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-41689
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2021-41689
-
https://github.com/DCMTK/dcmtk
GitHub - DCMTK/dcmtk: Official DCMTK Github MirrorProduct;Third Party Advisory
-
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
[SECURITY] [DLA 3847-1] dcmtk security update
-
https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d
Fixed possible NULL pointer dereference. · DCMTK/dcmtk@5c14bf5 · GitHubPatch;Third Party Advisory
Jump to