cve/2018/CVE-2018-4003.md

### [CVE-2018-4003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4003)
![](https://img.shields.io/static/v1?label=Product&message=CUJO&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=heap%20overflow&color=brighgreen)

### Description

An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0672

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-4003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4003)`
			`![](https://img.shields.io/static/v1?label=Product&message=CUJO&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=heap%20overflow&color=brighgreen)`

			`### Description`

			`An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability.`

			`### POC`

			`#### Reference`
			`- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0672`

			`#### Github`
			`No PoCs found on GitHub currently.`