Web: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41689

June 28, 2022, 1:15 p.m. |

National Vulnerability Database nist.gov

DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack.

cve

Information Security Analyst, Security Assurance Team

@ MongoDB | London

Sr. Security Consultant for Aerospace & Satellite Professional Services , Aerospace & Satellite Professional Services

@ Amazon.com | US, FL, Virtual Location - Florida

Cyber Threat Intelligence (CTI) Analyst

@ XOR Security | Alexandria, VA

SC2022-002063 Cyber Security Incident Investigator (NS) - TUE 30 Aug Relaunch

@ EMW, Inc. | Mons, Wallonia, Belgium

Senior SOC Analyst

@ XOR Security | Alexandria, VA

Cyber Protect Expert Engineer

@ Acronis | Bucharest, Bucharest, Romania