ID CVE-2018-3985
Summary An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:getcujo:smart_firewall:7003:*:*:*:*:*:*:*
    cpe:2.3:a:getcujo:smart_firewall:7003:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 03-02-2023 - 01:41)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc https://talosintelligence.com/vulnerability_reports/TALOS-2018-0653
Last major update 03-02-2023 - 01:41
Published 21-03-2019 - 16:29
Last modified 03-02-2023 - 01:41
Back to Top