Primary

Context

Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Sante PACS Server. This issue arises from improper handling of the HTTP Content-Length header, which leads to a NULL pointer dereference. As a result, remote attackers can create a denial-of-service condition on affected installations. Notably, authentication is not required to exploit this vulnerability.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, leading to a disruption of the PACS server's normal operations.

Remediation

Users can upgrade to Sante PACS Server version 4.2.3 to address this vulnerability.

Added: Dec 23, 2025, 10:23 PM

Updated: Dec 23, 2025, 10:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

7.0

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

2.5

exploitability

7.0

remediation

7.7

relevance

1.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Sante PACS Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating