CVE-2018-3985

CRITICAL

Getcujo Smart Firewall - Double Free

Title source: rule

Description

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

References (1)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2018-0653

Scores

CVSS v3 9.8

EPSS 0.0122

EPSS Percentile 78.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

getcujo/smart_firewall

Timeline

Published Mar 21, 2019

Tracked Since Feb 18, 2026