CVE-2018-4011
HIGHCUJO Smart Firewall 7003 - Unauthenticated Integer Underflow via mDNS SRV Record Parsing
Title source: llmDescription
An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681
Scores
CVSS v3
7.5
EPSS
0.0132
EPSS Percentile
67.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-191
Status
published
Products (1)
getcujo/smart_firewall
7003
Published
Mar 21, 2019
Tracked Since
Feb 18, 2026