CVE-2020-36855

5.3 MEDIUM

📋 TL;DR

This CVE describes a stack-based buffer overflow vulnerability in DCMTK's dcmqrscp component. Attackers with local access can exploit the parseQuota function by manipulating StorageQuota arguments, potentially leading to arbitrary code execution. Systems running DCMTK versions up to 3.6.5 are affected.

💻 Affected Systems

Products:
  • DCMTK (DICOM Toolkit)
Versions: Up to and including 3.6.5
Operating Systems: All platforms running DCMTK
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using the dcmqrscp component with StorageQuota functionality

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise, data theft, or persistent backdoor installation

🟠 Likely Case: Local user gains elevated privileges or crashes the dcmqrscp service causing denial of service

🟢 If Mitigated: Service disruption or crash without privilege escalation if exploit fails or is detected

🌐 Internet-Facing: LOW - Requires local access, not remotely exploitable
🏢 Internal Only: MEDIUM - Local attackers could exploit if they gain access to vulnerable systems

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and knowledge of vulnerable configuration. Public disclosure exists but weaponization status unclear.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.6

Vendor Advisory: https://support.dcmtk.org/

Restart Required: Yes

Instructions:

1. Download DCMTK 3.6.6 from official sources.
2. Stop the dcmqrscp service.
3. Install/upgrade to version 3.6.6.
4. Restart the dcmqrscp service.

🔧 Temporary Workarounds

Disable StorageQuota functionality (applies to: all)
  • Remove or restrict StorageQuota configuration in dcmqrscp settings
  • Edit the dcmqrscp configuration to remove the StorageQuota parameter

Restrict local access (applies to: all)
  • Limit local user access to systems running dcmqrscp
  • Implement strict user access controls and privilege separation

🧯 If You Can't Patch

  • Implement strict local access controls and user privilege limitations
  • Monitor dcmqrscp process for abnormal behavior and crashes

🔍 How to Verify

Check if Vulnerable:

Check the DCMTK version and verify whether dcmqrscp is running with StorageQuota enabled

Check Version:

dcmtk-config --version

Verify Fix Applied:

Verify that the DCMTK version is 3.6.6 or later and test StorageQuota functionality
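A script covering the two checks above (is the installed DCMTK older than the fixed release, and which dcmqrscp AE entries actually define a storage quota), added here as an example; it is not from the advisory or the DCMTK project. It assumes that DCMTK command-line tools print a banner containing `vX.Y.Z` when run with `--version`, and that dcmqrscp.cfg expresses quotas in its [AETable] section as `(maxStudies, maxBytesPerStudy)`. The banner line and configuration fragment inside the script are constructed samples so that it runs offline.

```shell
#!/bin/sh
# Added example (not from the advisory or DCMTK): CVE-2020-36855 exposure checks.
#   1. Is the DCMTK reported by "dcmqrscp --version" older than the fixed release 3.6.6?
#   2. Which [AETable] entries in dcmqrscp.cfg carry a "(maxStudies, maxBytes)" quota?
# Assumptions: the --version banner contains "vX.Y.Z"; quotas sit in parentheses
# on AETable lines. Both inputs below are constructed samples, not real deployments.

FIXED_VERSION="3.6.6"

# Extract "X.Y.Z" from a banner such as "$dcmtk: dcmqrscp v3.6.5 2019-10-28 $".
version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*v\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Compare two dotted versions component by component; prints "lt", "eq" or "gt".
version_cmp() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s\n' "$1" | cut -d. -f"$i")
        b=$(printf '%s\n' "$2" | cut -d. -f"$i")
        a=${a:-0}
        b=${b:-0}
        if [ "$a" -lt "$b" ]; then echo lt; return 0; fi
        if [ "$a" -gt "$b" ]; then echo gt; return 0; fi
        i=$((i + 1))
    done
    echo eq
}

# Prints "vulnerable" if the banner's version predates 3.6.6, "fixed" otherwise,
# or "unknown" when no version can be parsed.
assess_version() {
    v=$(version_from_banner "$1")
    if [ -z "$v" ]; then echo unknown; return 0; fi
    if [ "$(version_cmp "$v" "$FIXED_VERSION")" = lt ]; then echo vulnerable; else echo fixed; fi
}

# Reads a dcmqrscp.cfg on stdin and prints "AETITLE<TAB>(quota)" for every
# [AETable] entry that defines a quota. Other sections are ignored, so the
# parenthesised host definitions in [HostTable] do not produce false hits.
list_quota_entries() {
    awk '
        { sub(/[ \t\r]+$/, "") }
        /^\[/ { in_ae = ($0 == "[AETable]"); next }
        in_ae && NF > 0 && $0 !~ /^[ \t]*#/ {
            if (match($0, /\([^)]*\)/))
                print $1 "\t" substr($0, RSTART, RLENGTH)
        }'
}

# Constructed sample inputs (assumed format; replace with live data on a real host).
SAMPLE_BANNER='$dcmtk: dcmqrscp v3.6.5 2019-10-28 $'
SAMPLE_CFG='# constructed dcmqrscp.cfg fragment
[HostTable]
acme1 = (ACME1, localhost, 5678)

[AETable]
ACME1    /var/lib/dcmqrscp/ACME1    RW  (9, 1024mb)    acme1
ARCHIVE  /var/lib/dcmqrscp/ARCHIVE  R   (200, 4096mb)  ANY'

echo "version status: $(assess_version "$SAMPLE_BANNER")"
echo "AE entries with a quota configured:"
printf '%s\n' "$SAMPLE_CFG" | list_quota_entries
# Live host: assess_version "$(dcmqrscp --version 2>&1 | head -n 1)"
#            list_quota_entries < /etc/dcmqrscp.cfg   (path varies by install)
```

Run it as-is to see the sample result; on a real host, feed the first line of `dcmqrscp --version` to `assess_version` and the installed configuration file to `list_quota_entries`. Every AE title the second function prints is one whose quota string the vulnerable parseQuota code would handle, which is the set of entries the workaround section asks you to remove or restrict.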

📡 Detection & Monitoring

Log Indicators:

  • dcmqrscp service crashes
  • Abnormal process termination
  • Stack overflow error messages

Network Indicators:

  • Local connection attempts to dcmqrscp from unusual accounts

SIEM Query:

Process: dcmqrscp AND (EventID: 1000 OR ExceptionCode: c0000409)
