CVE-2022-43272 - OpenCVE

DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Offis	Dcmtk

Configuration 1 [-]

cpe:2.3:a:offis:dcmtk:3.6.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/
https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-12-02T00:00:00

Updated: 2024-08-03T13:26:02.872Z

Reserved: 2022-10-17T00:00:00

Link: CVE-2022-43272

Vulnrichment

Updated: 2024-08-03T13:26:02.872Z

NVD

Status : Modified

Published: 2022-12-02T16:15:09.230

Modified: 2024-07-03T01:38:50.747

Link: CVE-2022-43272

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-43272", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T13:26:02.872Z", "dateReserved": "2022-10-17T00:00:00", "datePublished": "2022-12-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-28T19:06:13.523663"}, "descriptions": [{"lang": "en", "value": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"}, {"url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"}, {"name": "FEDORA-2023-fe6fa5696e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/"}, {"name": "FEDORA-2023-83b529bd34", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/"}, {"name": "FEDORA-2023-eda976b192", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"}, {"name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"affected": [{"vendor": "offis", "product": "dcmtk", "cpes": ["cpe:2.3:a:offis:dcmtk:3.6.7:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.6.7", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-02T16:53:28.265409Z", "id": "CVE-2022-43272", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T16:58:53.969Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:26:02.872Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw", "tags": ["x_transferred"]}, {"url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-fe6fa5696e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/"}, {"name": "FEDORA-2023-83b529bd34", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/"}, {"name": "FEDORA-2023-eda976b192", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"}, {"name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw", "tags": ["x_transferred"]}, {"url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/", "name": "FEDORA-2023-fe6fa5696e", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/", "name": "FEDORA-2023-83b529bd34", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/", "name": "FEDORA-2023-eda976b192", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:26:02.872Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-43272", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-02T16:53:28.265409Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:offis:dcmtk:3.6.7:*:*:*:*:*:*:*"], "vendor": "offis", "product": "dcmtk", "versions": [{"status": "affected", "version": "3.6.7"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-02T16:58:47.746Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"}, {"url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/", "name": "FEDORA-2023-fe6fa5696e", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/", "name": "FEDORA-2023-83b529bd34", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/", "name": "FEDORA-2023-eda976b192", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html", "name": "[debian-lts-announce] 20240628 [SECURITY] [DLA 3847-1] dcmtk security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-06-28T19:06:13.523663"}}}, "cveMetadata": {"cveId": "CVE-2022-43272", "state": "PUBLISHED", "dateUpdated": "2024-08-03T13:26:02.872Z", "dateReserved": "2022-10-17T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-12-02T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:offis:dcmtk:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "D3D3B412-35EF-4A63-9B04-208CB8313E04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object."}, {"lang": "es", "value": "Se descubri\u00f3 que DCMTK v3.6.7 conten\u00eda una p\u00e9rdida de memoria a trav\u00e9s del objeto T_ASC_Association."}], "id": "CVE-2022-43272", "lastModified": "2024-07-03T01:38:50.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-02T16:15:09.230", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7"}, {"source": "cve@mitre.org", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4HROBSUUV2LZCYUNODI2YM7G7AYYO75B/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R3QG7MSHORLYAHDXMYG6FQKU4GOCRBCR/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UMQ2USESKF6OAZAH64OFHNK2HJIJVGPP/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.wolai.com/vaVuMxU4gGqFakbzvc9NYw"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}