← voltar
CVE-2022-4981

DCMTK dcmqrscp dcmqrcnf.cc readPeerList null pointer dereference

CVSS 4.8 MEDIUMEPSS 0.3%CWE-404CWE-476
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.8EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit is now public and may be used. Upgrading to version 3.6.8 is sufficient to resolve this issue. The patch is identified as 957fb31e5. Upgrading the affected component is advised.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
n/a · DCMTK

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://shimo.im/docs/e1Azd4dDQXUgOGqW/https://shimo.im/docs/e1Azd4dDQXUgOGqW/readhttps://support.dcmtk.org/redmine/issues/1026https://vuldb.com/?ctiid.329029https://vuldb.com/?id.329029https://vuldb.com/?submit.673134