CVE-2022-4981

A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
dcmtk
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
forky
3.6.9-5
fixed
sid
3.6.9-5
fixed
trixie
3.6.9-5
fixed
Common Weakness Enumeration
References
https://shimo.im/docs/e1Azd4dDQXUgOGqW/
https://support.dcmtk.org/redmine/issues/1026
https://vuldb.com/?ctiid.329029
https://vuldb.com/?id.329029
https://vuldb.com/?submit.673134
https://shimo.im/docs/e1Azd4dDQXUgOGqW/read