Vulnerability Type: Memory Leak
CVE Number: CVE-2022-43272
Vulnerability Version:
- DCMTK 3.6.7 (* -> git commit 8399564)
Fixed:
- git commit c34f4e46e
Vulnerability Impact:
The most obvious and immediate effect of a memory leak is that less and less memory is available on the system, until all available memory is eventually used up and the system crashes.
Function Stack Information:
Reproduced with ASAN:
Leak 1: in the function ASC_receiveAssociation in dcmnet/libsrc/assoc.cc
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f1d5528e808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x55d9e6867e0e in ASC_receiveAssociation(T_ASC_Network*, T_ASC_Association**, long, void**, unsigned long*, bool, DUL_BLOCKOPTIONS, int) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/assoc.cc:1767
#2 0x55d9e683aa15 in DcmQueryRetrieveSCP::waitForAssociation(T_ASC_Network*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/libsrc/dcmqrsrv.cc:997
#3 0x55d9e67e1a76 in main /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/apps/dcmqrscp.cc:912
#4 0x7f1d52f58082 in __libc_start_main ../csu/libc-start.c:308
Leak 2: in the function parseUserInfo in dcmtk/dcmnet/libsrc/dulparse.cc
Direct leak of 48 byte(s) in 1 object(s) allocated from:
#0 0x7f4819d59587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104
#1 0x5602b309f792 in parseUserInfo /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulparse.cc:590
#2 0x5602b3099f21 in parseAssociate(unsigned char*, unsigned long, dul_associatepdu*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulparse.cc:265
#3 0x5602b3082e6c in AE_6_ExamineAssociateRequest /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulfsm.cc:1188
#4 0x5602b307f9cf in PRV_StateMachine(PRIVATE_NETWORKKEY**, PRIVATE_ASSOCIATIONKEY**, int, int, void*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulfsm.cc:778
#5 0x5602b306d6d6 in DUL_ReceiveAssociationRQ(void**, DUL_BLOCKOPTIONS, int, DUL_ASSOCIATESERVICEPARAMETERS*, void**, int) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dul.cc:715
#6 0x5602b30030d6 in ASC_receiveAssociation(T_ASC_Network*, T_ASC_Association**, long, void**, unsigned long*, bool, DUL_BLOCKOPTIONS, int) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/assoc.cc:1778
#7 0x5602b2fd5a15 in DcmQueryRetrieveSCP::waitForAssociation(T_ASC_Network*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/libsrc/dcmqrsrv.cc:997
#8 0x5602b2f7ca76 in main /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/apps/dcmqrscp.cc:912
#9 0x7f4817a21082 in __libc_start_main ../csu/libc-start.c:308
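
Added example (not part of the original report and not DCMTK code): a Python script for triaging LeakSanitizer output like the two traces above. It totals leaked bytes and objects per allocation site, taken as the first frame that is not an allocator wrapper. The sample report is constructed (addresses and paths are made up), and summarize_leaks and is_allocator are names chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample in LeakSanitizer's report layout; addresses and paths are made up.
SAMPLE_REPORT = """\
Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f0000000001 in __interceptor_malloc ../asan/asan_malloc_linux.cc:144
    #1 0x550000000001 in ASC_receiveAssociation(T_ASC_Network*, T_ASC_Association**) /src/dcmnet/libsrc/assoc.cc:1767
    #2 0x550000000002 in main /src/dcmqrdb/apps/dcmqrscp.cc:912

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f0000000002 in operator new(unsigned long) ../asan/asan_new_delete.cc:104
    #1 0x550000000003 in parseUserInfo /src/dcmnet/libsrc/dulparse.cc:590
    #2 0x550000000004 in parseAssociate(unsigned char*, unsigned long, dul_associatepdu*) /src/dcmnet/libsrc/dulparse.cc:265
"""

HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^#(\d+) 0x[0-9a-f]+ in (.+) (\S+?):(\d+)(?::\d+)?$")

def is_allocator(func):
    """True for sanitizer interceptors and allocation functions, which are never the leak site."""
    return func.startswith(("__interceptor_", "operator new")) or func in ("malloc", "calloc", "realloc")

def summarize_leaks(report):
    """Return {(function, file, line): [bytes, objects]} keyed by the first non-allocator frame."""
    totals = defaultdict(lambda: [0, 0])
    pending = None  # (bytes, objects) of a leak whose allocation site is not yet resolved
    for raw in report.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            pending = (int(header.group(2)), int(header.group(3)))
            continue
        frame = FRAME.match(line)
        if pending is None or frame is None:
            continue
        func = frame.group(2).split("(")[0]  # drop the C++ argument list
        if is_allocator(func):
            continue  # keep walking down the stack to the caller
        site = (func, frame.group(3), int(frame.group(4)))
        totals[site][0] += pending[0]
        totals[site][1] += pending[1]
        pending = None  # remaining frames of this leak are context only
    return dict(totals)

if __name__ == "__main__":
    for (func, path, lineno), (nbytes, nobjs) in sorted(
            summarize_leaks(SAMPLE_REPORT).items(), key=lambda kv: -kv[1][0]):
        print(f"{nbytes:6d} bytes / {nobjs} object(s)  {func}  {path}:{lineno}")
```

Frames that carry no file:line (for example, module+offset frames from unsymbolized binaries) are skipped, so run it on reports from builds with debug symbols.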