Vulnerability Description
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Offis | Dcmtk | < 3.6.8 |
Related Weaknesses (CWE)
References
- https://shimo.im/docs/e1Azd4dDQXUgOGqW/ExploitThird Party Advisory
- https://support.dcmtk.org/redmine/issues/1026ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.329029Permissions RequiredVDB Entry
- https://vuldb.com/?id.329029Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.673134Third Party AdvisoryVDB Entry
- https://shimo.im/docs/e1Azd4dDQXUgOGqW/readExploitThird Party Advisory
FAQ
What is CVE-2022-4981?
CVE-2022-4981 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation result...
How severe is CVE-2022-4981?
CVE-2022-4981 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-4981?
Check the references section above for vendor advisories and patch information. Affected products include: Offis Dcmtk.