CVE-2022-46770

HIGH

qubes-mirage-firewall <0.8.4 - DoS

Title source: llm

Description

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).

Exploits (2)

exploitdb WORKING POC

by Krzysztof Burghardt · pythondoshardware

https://www.exploit-db.com/exploits/51157

View Code ZIP pw:eip

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/mirageos/qubes_mirage_firewall_dos.rb

View Code ZIP pw:eip

References (2)

[Exploit, Patch, Third Party Advisory] https://github.com/mirage/qubes-mirage-firewall/issues/166

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html

Scores

CVSS v3 7.5

EPSS 0.1691

EPSS Percentile 95.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-835

Status published

Products (1)

linuxfoundation/mirage_firewall 0.8.0 - 0.8.4

Published Dec 07, 2022

Tracked Since Feb 18, 2026