216.73.216.133

CVE-2025-14501

· Published 23/12/2025 22:15 · Modified 23/12/2025 22:15

Labels: CVE-2025-14501 2025-12-23CVE-2025-14501CWE-476[email protected]

Essential information

Published
23/12/2025 22:15
Modified
23/12/2025 22:15
Author
Creator
CVSS
7.5 HIGH (v3.0)
CISA KEV
No
CWE
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS metrics

Description

Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP Content-Length header. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-26770.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sante / pacs server cpe:2.3:a:sante:pacs_server:*:*:*:*:*:*:*:*

References