oss-sec mailing list archives
CVE request - DCMTK remote stack buffer overflow
From: Gjoko Krstic <gjoko () zeroscience mk>
Date: Sat, 17 Dec 2016 16:52:06 +0100
*"At several places in the code a wrong length of ACSE data structures received over the network can cause overflows or underflows when processing those data structures. Related checks have been added at various places in order to prevent such (possible) attacks. Thanks to Kevin Basista for the report."The bug will indeed affect all DCMTK-based server applications that accept incoming DICOM network connections that are using the dcmtk-3.6.0 and earlier versions. Developers are advised to apply the patched-DCMTK-3.6.1_20160216 fix commit from Dec 14, 2015.http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php <http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php>https://bugs.gentoo.org/show_bug.cgi?id=602918 <https://bugs.gentoo.org/show_bug.cgi?id=602918>*
Current thread:
- CVE request - DCMTK remote stack buffer overflow Gjoko Krstic (Dec 17)
- Re: CVE request - DCMTK remote stack buffer overflow cve-assign (Dec 17)