Vulnerability Details CVE-2022-46770
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.119
EPSS Ranking 93.5%
CVSS Severity
CVSS v3 Score 7.5
References
- http://packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html
- https://github.com/mirage/qubes-mirage-firewall/issues/166
- http://packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html
- https://github.com/mirage/qubes-mirage-firewall/issues/166
Products affected by CVE-2022-46770
-
cpe:2.3:a:linuxfoundation:mirage_firewall:0.8.0
-
cpe:2.3:a:linuxfoundation:mirage_firewall:0.8.1
-
cpe:2.3:a:linuxfoundation:mirage_firewall:0.8.2
-
cpe:2.3:a:linuxfoundation:mirage_firewall:0.8.3