Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
bug_report/DCMTK/memory_leak_in_3.6.7/
bug_report/DCMTK/memory_leak_in_3.6.7/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

Vulnerability Type: Memory Leak

CVE Number:CVE-2022-43272

Vulnerability Version

  • DCMTK 3.6.7 (* -> git commit 8399564)

Fixed

Vulnerability Impact

The most obvious and immediate effect of a memory leak is to have less and less memory available on the system. Until all the available memory is used up eventually causing the system to crash with no available memory

Function Stack Information

reproduce by ASAN

Leak1 in the function ASC_receiveAssociation in dcmnet/libsrc/assoc.cc

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f1d5528e808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
    #1 0x55d9e6867e0e in ASC_receiveAssociation(T_ASC_Network*, T_ASC_Association**, long, void**, unsigned long*, bool, DUL_BLOCKOPTIONS, int) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/assoc.cc:1767
    #2 0x55d9e683aa15 in DcmQueryRetrieveSCP::waitForAssociation(T_ASC_Network*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/libsrc/dcmqrsrv.cc:997
    #3 0x55d9e67e1a76 in main /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/apps/dcmqrscp.cc:912
    #4 0x7f1d52f58082 in __libc_start_main ../csu/libc-start.c:308

Leak2 in the function parseUserInfo in dcmtk/dcmnet/libsrc/dulparse.cc

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0x7f4819d59587 in operator new(unsigned long) ../../../../src/libsanitizer/asan/asan_new_delete.cc:104
    #1 0x5602b309f792 in parseUserInfo /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulparse.cc:590
    #2 0x5602b3099f21 in parseAssociate(unsigned char*, unsigned long, dul_associatepdu*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulparse.cc:265
    #3 0x5602b3082e6c in AE_6_ExamineAssociateRequest /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulfsm.cc:1188
    #4 0x5602b307f9cf in PRV_StateMachine(PRIVATE_NETWORKKEY**, PRIVATE_ASSOCIATIONKEY**, int, int, void*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dulfsm.cc:778
    #5 0x5602b306d6d6 in DUL_ReceiveAssociationRQ(void**, DUL_BLOCKOPTIONS, int, DUL_ASSOCIATESERVICEPARAMETERS*, void**, int) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/dul.cc:715
    #6 0x5602b30030d6 in ASC_receiveAssociation(T_ASC_Network*, T_ASC_Association**, long, void**, unsigned long*, bool, DUL_BLOCKOPTIONS, int) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmnet/libsrc/assoc.cc:1778
    #7 0x5602b2fd5a15 in DcmQueryRetrieveSCP::waitForAssociation(T_ASC_Network*) /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/libsrc/dcmqrsrv.cc:997
    #8 0x5602b2f7ca76 in main /home/ubuntu/Documents/protocol_implementation/dcmtk/dcmqrdb/apps/dcmqrscp.cc:912
    #9 0x7f4817a21082 in __libc_start_main ../csu/libc-start.c:308