http://bugzilla.opensuse.org/show_bug.cgi?id=1201180 Bug ID: 1201180 Summary: VUL-0: CVE-2021-41689: dcmtk: sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/335774/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs@suse.de Reporter: abergmann@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2021-41689 DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a head-based overflow. An attacker can use it to launch a DoS attack. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41689 https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b158092... https://github.com/DCMTK/dcmtk -- You are receiving this mail because: You are on the CC list for the bug.