Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-41688

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-28 Jun, 2022 | 09:44
Updated At-04 Aug, 2024 | 03:15
Rejected At-
Credits

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:28 Jun, 2022 | 09:44
Updated At:04 Aug, 2024 | 03:15
Rejected At:
▼CVE Numbering Authority (CNA)

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/DCMTK/dcmtk
N/A
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
N/A
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
mailing-list
Hyperlink: https://github.com/DCMTK/dcmtk
Resource: N/A
Hyperlink: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
Resource: N/A
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
Resource:
mailing-list
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/DCMTK/dcmtk
x_transferred
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
x_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
mailing-list
x_transferred
Hyperlink: https://github.com/DCMTK/dcmtk
Resource:
x_transferred
Hyperlink: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
Resource:
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
Resource:
mailing-list
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:28 Jun, 2022 | 13:15
Updated At:28 Jun, 2024 | 19:15

DCMTK through 3.6.6 does not handle memory free properly. The object in the program is free but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
offis
offis
>>dcmtk>>Versions up to 3.6.6(inclusive)
cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-415Primarynvd@nist.gov
CWE ID: CWE-415
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/DCMTK/dcmtkcve@mitre.org
Product
Third Party Advisory
https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cbcve@mitre.org
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/06/msg00022.htmlcve@mitre.org
N/A
Hyperlink: https://github.com/DCMTK/dcmtk
Source: cve@mitre.org
Resource:
Product
Third Party Advisory
Hyperlink: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2024/06/msg00022.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

60Records found
CVE-2021-40145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.31%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 00:34
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes.

Action-Not Available
Vendor-libgdn/a
Product-libgdn/a
CWE ID-CWE-415
Double Free
CVE-2017-6362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.14% / 83.53%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 13:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Double free vulnerability in the gdImagePngPtr function in libgd2 before 2.2.5 allows remote attackers to cause a denial of service via vectors related to a palette with no colors.

Action-Not Available
Vendor-libgdn/aDebian GNU/LinuxCanonical Ltd.Fedora Project
Product-ubuntu_linuxlibgddebian_linuxfedoran/a
CWE ID-CWE-415
Double Free
CVE-2017-5836
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.57%
||
7 Day CHG~0.00%
Published-03 Mar, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.

Action-Not Available
Vendor-libimobiledevicen/a
Product-libplistn/a
CWE ID-CWE-415
Double Free
CVE-2021-34768
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.21% / 43.40%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:26
Updated-07 Nov, 2024 | 21:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-40_wireless_controllercatalyst_9800-40catalyst_9800-l-ccatalyst_9800-80_wireless_controllercatalyst_9800_embedded_wireless_controllercatalyst_9800catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software
CWE ID-CWE-415
Double Free
CVE-2017-18594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.17% / 77.79%
||
7 Day CHG~0.00%
Published-28 Aug, 2019 | 23:50
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.

Action-Not Available
Vendor-nmapn/a
Product-nmapn/a
CWE ID-CWE-415
Double Free
CVE-2011-2335
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.09%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 19:51
Updated-06 Aug, 2024 | 23:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

Action-Not Available
Vendor-Google LLC
Product-blinkChrome
CWE ID-CWE-415
Double Free
CVE-2022-36234
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.15%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 22:50
Updated-03 Aug, 2024 | 10:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets.

Action-Not Available
Vendor-simplenetwork_projectn/a
Product-simplenetworkn/a
CWE ID-CWE-415
Double Free
CVE-2022-31291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.58%
||
7 Day CHG~0.00%
Published-16 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.

Action-Not Available
Vendor-genivin/aDebian GNU/Linux
Product-debian_linuxdiagnostic_log_and_tracen/a
CWE ID-CWE-415
Double Free
CVE-2021-29938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.17%
||
7 Day CHG~0.00%
Published-01 Apr, 2021 | 04:23
Updated-03 Aug, 2024 | 22:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function.

Action-Not Available
Vendor-slice-deque_projectn/a
Product-slice-dequen/a
CWE ID-CWE-415
Double Free
CVE-2021-1565
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.24% / 46.74%
||
7 Day CHG~0.00%
Published-23 Sep, 2021 | 02:30
Updated-07 Nov, 2024 | 21:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Denial of Service Vulnerabilities

Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit the vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_9300-24u-ecatalyst_9300-48t-ecatalyst_9400_supervisor_engine-1catalyst_9300l-48t-4g-ecatalyst_9300l-48p-4g-acatalyst_9300l-48p-4g-ecatalyst_9300-48un-acatalyst_9300l-24t-4g-acatalyst_9300l-48t-4g-acatalyst_9300l-24t-4x-acatalyst_9300l_stackcatalyst_9300l-24t-4x-ecatalyst_9300-48un-ecatalyst_9300-24p-ecatalyst_9800-l-ccatalyst_9300-48p-acatalyst_9300-24s-acatalyst_9300-48t-acatalyst_9300-48uxm-ecatalyst_9300l-24p-4g-ecatalyst_9300l-48t-4x-ecatalyst_9300l-48t-4x-acatalyst_9800-80catalyst_9300l-48p-4x-ecatalyst_9400catalyst_9800-l-fcatalyst_9800_firmwarecatalyst_9800-lcatalyst_9300l-24p-4g-acatalyst_9800-40catalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300l-48p-4x-aembedded_wireless_controllercatalyst_9300-24s-ecatalyst_9300-48u-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_9300-48u-acatalyst_9500catalyst_9300-48s-acatalyst_9300-24t-ecatalyst_9300l-24t-4g-eios_xecatalyst_9300l-24p-4x-acatalyst_9300-24t-acatalyst_9300-48s-ecatalyst_9410rcatalyst_9300-24u-acatalyst_9300lcatalyst_9300-48p-ecatalyst_9800-clcatalyst_9407rcatalyst_9300-24ux-eCisco IOS XE Software
CWE ID-CWE-415
Double Free
  • Previous
  • 1
  • 2
  • Next
Details not found