Lucene search

NozomiCVE-2024-23914

HistoryMay 03, 2024 - 9:15 a.m.

CVE-2024-23914

2024-05-0309:15:08

CWE-134

Nozomi

web.nvd.nist.gov

merge dicom toolkit

externally-controlled format string

dicom association

windows

unhandled exception

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows.

When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.

CNA Affected

[
  {
    "collectionURL": "https://www.merative.com/merge-imaging/dicom-toolkit",
    "defaultStatus": "unaffected",
    "packageName": "Merge DICOM Toolkit C/C++ 64-bit Microsoft Windows",
    "platforms": [
      "Windows"
    ],
    "product": "Merge DICOM Toolkit C/C++",
    "programRoutines": [
      {
        "name": "MC_Open_Association"
      }
    ],
    "vendor": "Merative",
    "versions": [
      {
        "lessThanOrEqual": "v5.17.0",
        "status": "affected",
        "version": "v5.6.0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23914

CVSS3

5.7

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2024-23914