Security Assessment on dcmtk version 3.6.7

vishal
Posts: 2
Joined: Mon, 2011-06-13, 12:04
Location: INDIA

Security Assessment on dcmtk version 3.6.7

#1 Post by vishal »

Hi,

Snyk (Security Platform) reported a Denial of Service incident in DCMTK in December 2022 due to a memory leak via the T_ASC_Association object.
Please refer to the link for reference (https://security.snyk.io/vuln/SNYK-UNMA ... TK-3153510).

I wanted to know if this has been fixed in dcmtk version 3.6.7?
I can see the resolution as "A fix was pushed into the master branch but not yet published." on the link above, so I wanted to confirm whether this has been fixed and published as part of dcmtk version 3.6.7.

Kindly share the commit ID of the fix, in order to cherry-pick it.

Thanks,
Vishal
-Vishal T

Marco Eichelberg
OFFIS DICOM Team
Posts: 1445
Joined: Tue, 2004-11-02, 17:22
Location: Oldenburg, Germany

Re: Security Assessment on dcmtk version 3.6.7

#2 Post by Marco Eichelberg »

The issue report is called "memory_leak_in_3.6.7", which should tell you that this bug is present in 3.6.7.
It was fixed with commit c34f4e46e in June 2022. However, the bug only affects one tool (dcmqrscp), which leaks a few bytes of memory with each network connection handled.
Feel free to backport the fix, which is fairly trivial, to the 3.6.7 release.
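
Added example, not part of either post and not DCMTK project code: one way to check whether a fix commit such as `c34f4e46e` is already contained in a release tag, or has been backported to a maintenance branch as a cherry-pick (new hash, same patch). The function names, the throwaway repository and its tag and branch names are constructed for the demo; in a DCMTK clone, pass the fix hash and your own release tag or branch instead.

```shell
# fix_status REPO FIX REF prints one of:
#   contained  - FIX is an ancestor of REF (the release already includes it)
#   backported - REF carries a different commit with the same patch (cherry-pick)
#   missing    - REF has neither
fix_status() {
    local repo="$1" fix="$2" ref="$3" want
    git -C "$repo" rev-parse -q --verify "$fix^{commit}" >/dev/null || { echo unknown-commit; return 2; }
    git -C "$repo" rev-parse -q --verify "$ref^{commit}" >/dev/null || { echo unknown-ref; return 2; }
    if git -C "$repo" merge-base --is-ancestor "$fix" "$ref"; then
        echo contained; return 0
    fi
    # A cherry-pick gets a new commit hash, but its patch-id (hash of the diff) is unchanged.
    want=$(git -C "$repo" show "$fix^{commit}" | git -C "$repo" patch-id --stable | cut -d' ' -f1)
    if [ -n "$want" ] && git -C "$repo" log -p "$fix..$ref" |
            git -C "$repo" patch-id --stable | grep -q "^$want "; then
        echo backported; return 0
    fi
    echo missing; return 1
}

# Constructed throwaway history (not DCMTK's): release-1.0 predates the fix,
# release-1.1 contains it, maint-1.0 carries it as a cherry-pick.
make_demo_repo() {
    local d; d=$(mktemp -d)
    g() { git -C "$d" -c init.defaultBranch=main -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    g init -q
    printf 'assoc = accept();\n' > "$d/scp.c"; g add scp.c; g commit -qm base
    g tag release-1.0
    printf 'assoc = accept();\nrelease(assoc);\n' > "$d/scp.c"; g commit -qam 'fix leak'
    g tag fix
    printf 'notes\n' > "$d/NEWS"; g add NEWS; g commit -qm news
    g tag release-1.1
    g checkout -q -b maint-1.0 release-1.0
    g cherry-pick fix >/dev/null
    echo "$d"
}

repo=$(make_demo_repo)
for ref in release-1.0 release-1.1 maint-1.0; do
    printf '%-12s %s\n' "$ref" "$(fix_status "$repo" fix "$ref")"
done
rm -rf "$repo"
```

The patch-id comparison only matches a backport whose diff is unchanged; a cherry-pick that needed conflict resolution will report `missing` and has to be reviewed by hand.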
