cbcvebase.
CVE-2021-41689
published 2022-06-28

CVE-2021-41689: DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result…

PriorityP339high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.69%
74.2th percentile
DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

Affected

18 ranges
VendorProductVersion rangeFixed in
debiandcmtk< dcmtk 3.6.7-1 (bookworm)dcmtk 3.6.7-1 (bookworm)
offisdcmtk<= 3.6.6
offisdcmtk>= 0 < 3.6.5-1+deb11u13.6.5-1+deb11u1
offisdcmtk>= 0 < 3.6.7-13.6.7-1
offisdcmtk>= 0 < 3.6.7-13.6.7-1
offisdcmtk>= 0 < 3.6.7-13.6.7-1
offisdcmtk>= 0 < 3.6.4-2.1ubuntu0.13.6.4-2.1ubuntu0.1
offisdcmtk>= 0 < 3.6.4-2.1ubuntu0.23.6.4-2.1ubuntu0.2
offisdcmtk>= 0 < 3.6.1~20150924-5ubuntu0.1~esm23.6.1~20150924-5ubuntu0.1~esm2
offisdcmtk>= 0 < 3.6.1~20150924-5ubuntu0.1~esm13.6.1~20150924-5ubuntu0.1~esm1
offisdcmtk>= 0 < 3.6.1~20150924-5ubuntu0.1~esm33.6.1~20150924-5ubuntu0.1~esm3
offisdcmtk>= 0 < 3.6.2-3ubuntu0.1~esm23.6.2-3ubuntu0.1~esm2
offisdcmtk>= 0 < 3.6.2-3ubuntu0.1~esm13.6.2-3ubuntu0.1~esm1
offisdcmtk>= 0 < 3.6.2-3ubuntu0.1~esm33.6.2-3ubuntu0.1~esm3
offisdcmtk>= 0 < 3.6.4-2.1ubuntu0.1~esm13.6.4-2.1ubuntu0.1~esm1
offisdcmtk>= 0 < 3.6.6-5ubuntu0.1~esm23.6.6-5ubuntu0.1~esm2
offisdcmtk>= 0 < 3.6.6-5ubuntu0.1~esm13.6.6-5ubuntu0.1~esm1
offisdcmtk>= 0 < 3.6.7-9.1ubuntu0.1~esm13.6.7-9.1ubuntu0.1~esm1

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.