CVE-2026-49494: Integer Underflow (Wrap or Wraparound) in Comodo Comodo Internet Security
CVE-2026-49494 is a high-severity integer underflow vulnerability in the IPv6 packet parser of Comodo Internet Security's firewall driver Inspect. sys. The vulnerability arises because the parser decrements an unsigned 64-bit payload-length field by the size of IPv6 extension headers without validation, allowing an attacker to cause an underflow. This leads to out-of-bounds memory reads and an oversized memcpy operation in the Windows kernel at DISPATCH_LEVEL, resulting in a system crash (BSOD). The flaw can be triggered remotely by an unauthenticated attacker sending a specially crafted IPv6 packet, even if all ports are blocked by the firewall. No patch or official remediation guidance is currently available from the vendor. No known exploits in the wild have been reported.
AI Analysis
Technical Summary
Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow vulnerability in its IPv6 packet parser. The parser takes the IPv6 payload length from the fixed header and decrements it by the size of each IPv6 extension header without checking if the result underflows. If the declared payload length is smaller than the sum of extension header lengths, the unsigned 64-bit value underflows to a near-maximum integer. This causes out-of-bounds reads and an oversized memcpy in kernel mode at DISPATCH_LEVEL, leading to a Blue Screen of Death (BSOD). The vulnerability can be exploited remotely by sending a crafted IPv6 packet to the target system, bypassing firewall port restrictions. The CVSS 4.0 base score is 8.7, indicating high severity. No patch or vendor remediation information is currently available.
Potential Impact
A remote, unauthenticated attacker can cause a denial-of-service condition by crashing the affected system through a crafted IPv6 packet. The crash occurs due to out-of-bounds memory access in kernel mode, which can lead to a system-wide Blue Screen of Death (BSOD). There is no indication of code execution or data disclosure from the provided information. The impact is limited to system availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider disabling IPv6 or the Comodo firewall component if feasible to reduce exposure. Monitor vendor communications for updates. No vendor advisory or patch links are currently provided.
CVE-2026-49494: Integer Underflow (Wrap or Wraparound) in Comodo Comodo Internet Security
Description
CVE-2026-49494 is a high-severity integer underflow vulnerability in the IPv6 packet parser of Comodo Internet Security's firewall driver Inspect. sys. The vulnerability arises because the parser decrements an unsigned 64-bit payload-length field by the size of IPv6 extension headers without validation, allowing an attacker to cause an underflow. This leads to out-of-bounds memory reads and an oversized memcpy operation in the Windows kernel at DISPATCH_LEVEL, resulting in a system crash (BSOD). The flaw can be triggered remotely by an unauthenticated attacker sending a specially crafted IPv6 packet, even if all ports are blocked by the firewall. No patch or official remediation guidance is currently available from the vendor. No known exploits in the wild have been reported.
CVSS v4.0
Score 8.7high
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow vulnerability in its IPv6 packet parser. The parser takes the IPv6 payload length from the fixed header and decrements it by the size of each IPv6 extension header without checking if the result underflows. If the declared payload length is smaller than the sum of extension header lengths, the unsigned 64-bit value underflows to a near-maximum integer. This causes out-of-bounds reads and an oversized memcpy in kernel mode at DISPATCH_LEVEL, leading to a Blue Screen of Death (BSOD). The vulnerability can be exploited remotely by sending a crafted IPv6 packet to the target system, bypassing firewall port restrictions. The CVSS 4.0 base score is 8.7, indicating high severity. No patch or vendor remediation information is currently available.
Potential Impact
A remote, unauthenticated attacker can cause a denial-of-service condition by crashing the affected system through a crafted IPv6 packet. The crash occurs due to out-of-bounds memory access in kernel mode, which can lead to a system-wide Blue Screen of Death (BSOD). There is no indication of code execution or data disclosure from the provided information. The impact is limited to system availability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider disabling IPv6 or the Comodo firewall component if feasible to reduce exposure. Monitor vendor communications for updates. No vendor advisory or patch links are currently provided.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulnCheck
- Date Reserved
- 2026-05-31T11:54:34.993Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a25619ce29bf47b50cbf0bd
Added to database: 6/7/2026, 12:18:36 PM
Last enriched: 6/7/2026, 12:33:29 PM
Last updated: 6/7/2026, 1:47:56 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.