CVE-2021-41689
Description
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.11
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| OFFIS DICOM toolkit command line utilities (USN-7010-1) dcmtk_3.6.4-2.1ubuntu0.1_amd64.deb | Linux |
| OFFIS DICOM toolkit command line utilities (USN-7010-1) libdcmtk14_3.6.4-2.1ubuntu0.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234