CVE-2020-36855
Last modified
CVE-2020-36855 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Offis | Dcmtk | < 3.6.6 |
References
- https://shimo.im/docs/rp3OMVMDPKtjn0km/Exploit, Third Party Advisory
- https://vuldb.com/?ctiid.329028Permissions Required, VDB Entry
- https://vuldb.com/?id.329028Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.673137Third Party Advisory, VDB Entry
- https://shimo.im/docs/rp3OMVMDPKtjn0km/readExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2020-36855?
How severe is CVE-2020-36855?
How do I fix CVE-2020-36855?
Are you affected by CVE-2020-36855?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST