Vulnerabilities > CVE-2018-3985 - Double Free vulnerability in Getcujo Smart Firewall 7003

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

getcujo

CWE-415

critical

NVD

Published: 2019-03-21

Updated: 2023-02-03

Summary

An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Getcujo Getcujo Smart Firewall 7003	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

Talos

id	TALOS-2018-0653
last seen	2019-05-29
published	2019-03-19
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0653
title	CUJO Smart Firewall mdnscap mDNS record parsing code execution vulnerability

References

https://talosintelligence.com/vulnerability_reports/TALOS-2018-0653