PT-2019-10742 · Cujo · Cujo Smart Firewall
Published
2019-10-31
·
Updated
2023-02-03
·
CVE-2018-4002
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
CUJO Smart Firewall version 7003
Description
A denial-of-service issue exists due to unsafe handling of label compression pointers in mDNS packets by the mdnscap binary, leading to uncontrolled recursion and eventual stack exhaustion, causing the mdnscap process to crash. An unauthenticated attacker can trigger this issue by sending a specially crafted mDNS message.
Recommendations
For CUJO Smart Firewall version 7003, consider disabling the mdnscap binary or restricting its access to mDNS packets until a fix is available.
Exploit
Fix
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cujo Smart Firewall