Integer Underflow (Wrap or Wraparound)

CVE-2018-4011

High

7.5/10

Summary

An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the "RDLENGTH" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-191 - Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

Advisory Timeline

Published Mar 21, 2019

Integer Underflow (Wrap or Wraparound)

CVE-2018-4011

Summary

CWE-191 - Integer Underflow (Wrap or Wraparound)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS