SB2023081826 - Fedora EPEL 9 update for dcmtk

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023081826

SB2023081826 - Fedora EPEL 9 update for dcmtk

Published: August 18, 2023

Security Bulletin ID SB2023081826
Severity
Medium
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 88% Low 13%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Memory leak (CVE-ID: CVE-2021-41687)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak. A remote attacker can force the application to leak memory and perform denial of service attack.


2) Double Free (CVE-ID: CVE-2021-41688)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a double free error and perform a denial of service (DoS) attack.


3) NULL pointer dereference (CVE-ID: CVE-2021-41689)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


4) Memory leak (CVE-ID: CVE-2021-41690)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak. A remote attacker can force the application to leak memory and perform denial of service attack.


5) Path traversal (CVE-ID: CVE-2022-2119)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the service class provider (SCP). A remote attacker on the local network can send a specially crafted HTTP request and write arbitrary files on the system, leading to remote code execution.


6) Path traversal (CVE-ID: CVE-2022-2120)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in the service class user (SCU). A remote attacker can send a specially crafted HTTP request and write arbitrary files on the system, leading to remote code execution.


7) NULL pointer dereference (CVE-ID: CVE-2022-2121)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error while processing DICOM files. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


8) Memory leak (CVE-ID: CVE-2022-43272)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in T_ASC_Association object. A remote attacker can force the application to leak memory and perform denial of service attack.


Remediation

Install update from vendor's website.

References