CVE-2020-36855 (GCVE-0-2020-36855)

Vulnerability from cvelistv5 – Published: 2025-10-21 15:02 – Updated: 2025-10-21 15:23
VLAI?
Summary
A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.
Severity ?
4.8 (Medium)
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
5.3 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
5.3 (Medium)
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
CWE
Assigner
References
https://vuldb.com/?id.329028 vdb-entrytechnical-description
https://vuldb.com/?ctiid.329028 signaturepermissions-required
https://vuldb.com/?submit.673137 third-party-advisory
https://shimo.im/docs/rp3OMVMDPKtjn0km/ exploit
Impacted products
Vendor Product Version
n/a DCMTK Affected: 3.6.0
Affected: 3.6.1
Affected: 3.6.2
Affected: 3.6.3
Affected: 3.6.4
Affected: 3.6.5
Unaffected: 3.6.6
Credits
zh_vul (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-36855",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-21T15:23:22.095138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T15:23:26.003Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://shimo.im/docs/rp3OMVMDPKtjn0km/read"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "dcmqrscp"
          ],
          "product": "DCMTK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.6.0"
            },
            {
              "status": "affected",
              "version": "3.6.1"
            },
            {
              "status": "affected",
              "version": "3.6.2"
            },
            {
              "status": "affected",
              "version": "3.6.3"
            },
            {
              "status": "affected",
              "version": "3.6.4"
            },
            {
              "status": "affected",
              "version": "3.6.5"
            },
            {
              "status": "unaffected",
              "version": "3.6.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "zh_vul (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in DCMTK up to 3.6.5 gefunden. Hiervon betroffen ist die Funktion parseQuota der Komponente dcmqrscp. Dank der Manipulation des Arguments StorageQuota mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Ein Aktualisieren auf die Version 3.6.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 0fef9f02e bezeichnet. Ein Upgrade der betroffenen Komponente wird empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T15:02:09.082Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-329028 | DCMTK dcmqrscp parseQuota stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.329028"
        },
        {
          "name": "VDB-329028 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.329028"
        },
        {
          "name": "Submit #673137 | DCMTK GitHub Repository DCMTK 3.6.5 Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.673137"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://shimo.im/docs/rp3OMVMDPKtjn0km/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-19T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-19T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-19T12:32:57.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "DCMTK dcmqrscp parseQuota stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2020-36855",
    "datePublished": "2025-10-21T15:02:09.082Z",
    "dateReserved": "2025-10-19T10:27:07.409Z",
    "dateUpdated": "2025-10-21T15:23:26.003Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-36855\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-10-21T15:15:36.750\",\"lastModified\":\"2025-10-31T15:04:02.253\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:offis:dcmtk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.6.6\",\"matchCriteriaId\":\"7A8AEFC2-3255-4DE9-8C84-093991E3DC3F\"}]}]}],\"references\":[{\"url\":\"https://shimo.im/docs/rp3OMVMDPKtjn0km/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.329028\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.329028\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.673137\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://shimo.im/docs/rp3OMVMDPKtjn0km/read\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-36855\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-21T15:23:22.095138Z\"}}}], \"references\": [{\"url\": \"https://shimo.im/docs/rp3OMVMDPKtjn0km/read\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-21T15:23:15.793Z\"}}], \"cna\": {\"title\": \"DCMTK dcmqrscp parseQuota stack-based overflow\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"zh_vul (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4.3, \"vectorString\": \"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"dcmqrscp\"], \"product\": \"DCMTK\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.6.0\"}, {\"status\": \"affected\", \"version\": \"3.6.1\"}, {\"status\": \"affected\", \"version\": \"3.6.2\"}, {\"status\": \"affected\", \"version\": \"3.6.3\"}, {\"status\": \"affected\", \"version\": \"3.6.4\"}, {\"status\": \"affected\", \"version\": \"3.6.5\"}, {\"status\": \"unaffected\", \"version\": \"3.6.6\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-19T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-10-19T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-10-19T12:32:57.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.329028\", \"name\": \"VDB-329028 | DCMTK dcmqrscp parseQuota stack-based overflow\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.329028\", \"name\": \"VDB-329028 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.673137\", \"name\": \"Submit #673137 | DCMTK GitHub Repository DCMTK 3.6.5 Stack-based Buffer Overflow\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://shimo.im/docs/rp3OMVMDPKtjn0km/\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. Upgrading to version 3.6.6 is sufficient to fix this issue. The identifier of the patch is 0fef9f02e. It is recommended to upgrade the affected component.\"}, {\"lang\": \"de\", \"value\": \"Eine Schwachstelle wurde in DCMTK up to 3.6.5 gefunden. Hiervon betroffen ist die Funktion parseQuota der Komponente dcmqrscp. Dank der Manipulation des Arguments StorageQuota mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \\u00f6ffentlich verf\\u00fcgbar und k\\u00f6nnte genutzt werden. Ein Aktualisieren auf die Version 3.6.6 vermag dieses Problem zu l\\u00f6sen. Der Patch wird als 0fef9f02e bezeichnet. Ein Upgrade der betroffenen Komponente wird empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"Stack-based Buffer Overflow\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-10-21T15:02:09.082Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-36855\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T15:23:26.003Z\", \"dateReserved\": \"2025-10-19T10:27:07.409Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-10-21T15:02:09.082Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.