CVE-2026-49494

7.5 HIGH

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser

Published: 2026-06-07 · Last updated: 2026-06-08

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-191

Description

Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixed header's payload length field) by the size of each IPv6 extension header without validating it, so a packet whose declared payload length is smaller than the sum of its extension-header lengths underflows the value to a near-maximal 64-bit integer. Because IPv6 parsing occurs before firewall rule enforcement, a remote, unauthenticated attacker can send a single crafted IPv6 packet - even to a host with all ports blocked - to trigger an out-of-bounds read (and, on a separate code path, an oversized memcpy) in the Windows kernel at DISPATCH_LEVEL, crashing the system (BSOD).

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-11850 — An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c (5.0 MEDIUM)
CVE-2026-42542 — TDengine is an open source, time-series database optimized for Internet of Things devices (7.5 HIGH)
CVE-2026-42326 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
CVE-2026-45469 — Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally (7.8 HIGH)
CVE-2026-45463 — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally (8.4 HIGH)