CVE-2021-41689

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41689

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41689.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41689

Related

Published

2022-06-28T13:15:10Z

Modified

2024-09-18T03:16:42.789085Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

References

Affected packages

Debian:11 / dcmtk

Package

Name: dcmtk
Purl: pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.5-1

3.6.6-1~ext1

3.6.6-1

3.6.6-2

3.6.6-3

3.6.6-4~bpo11+1

3.6.6-4

3.6.6-5~bpo11+1

3.6.6-5

3.6.7-1

3.6.7-2

3.6.7-3

3.6.7-4

3.6.7-5

3.6.7-6~bpo11+1

3.6.7-6

3.6.7-7

3.6.7-8

3.6.7-9~deb12u1

3.6.7-9

3.6.7-9.1

3.6.7-11

3.6.7-12

3.6.7-13

3.6.7-14

3.6.7-15

3.6.8~git20221024.b8950f9-1

3.6.8~git20221024.b8950f9-2

3.6.8~git20221024.b8950f9-3

3.6.8~git20231027.1549d8c-1

3.6.8~git20231027.1549d8c-2

3.6.8-1

3.6.8-2

3.6.8-3

3.6.8-4

3.6.8-5

3.6.8-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dcmtk

Package

Name: dcmtk
Purl: pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dcmtk

Package

Name: dcmtk
Purl: pkg:deb/debian/dcmtk?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.7-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/dcmtk/dcmtk

Affected ranges

Type: GIT
Repo: https://github.com/dcmtk/dcmtk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5c14bf53fb42ceca12bbcc0016e8704b1580920d

Affected versions

CAR96-3.*

CAR96-3.0.1

CAR96-3.0.2

DCMTK-3.*

DCMTK-3.1.0

DCMTK-3.1.1

DCMTK-3.1.2

DCMTK-3.2.0

DCMTK-3.2.1

DCMTK-3.3.0

DCMTK-3.3.1

DCMTK-3.4.0

DCMTK-3.4.1

DCMTK-3.4.2

DCMTK-3.5.0

DCMTK-3.5.1

DCMTK-3.5.2

DCMTK-3.5.2a

DCMTK-3.5.3

DCMTK-3.5.4

DCMTK-3.6.0

DCMTK-3.6.1_20110225

DCMTK-3.6.1_20110519

DCMTK-3.6.1_20110707

DCMTK-3.6.1_20110922

DCMTK-3.6.1_20111208

DCMTK-3.6.1_20120222

DCMTK-3.6.1_20120515

DCMTK-3.6.1_20120831

DCMTK-3.6.1_20121102

DCMTK-3.6.1_20131114

DCMTK-3.6.1_20140617

DCMTK-3.6.1_20150217

DCMTK-3.6.1_20150629

DCMTK-3.6.1_20150924

DCMTK-3.6.1_20160216

DCMTK-3.6.1_20160630

DCMTK-3.6.1_20161102

DCMTK-3.6.1_20170228

DCMTK-3.6.2

DCMTK-3.6.3

DCMTK-3.6.4

DCMTK-3.6.5

DCMTK-3.6.5+_20191213

DCMTK-3.6.6