Microsoft
CVE-2024-23914
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from Vendor (nozominetworks) · only source for this CVE.
CVSS VectorVendor: nozominetworks
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows.
When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.
AnalysisAI
Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-134. Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same weakness CWE-134 – Use of Externally-Controlled Format String
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today