CVE-2018-3985
CRITICALCUJO Smart Firewall - Unauthenticated Double Free in mDNS Packet Parser
Title source: llmDescription
An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0653
Scores
CVSS v3
9.8
EPSS
0.0186
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-415
Status
published
Products (1)
getcujo/smart_firewall
7003
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026