Lucene search

[email protected]CVE-2022-46770

HistoryDec 07, 2022 - 8:15 p.m.

CVE-2022-46770

2022-12-0720:15:11

CWE-835

[email protected]

web.nvd.nist.gov

cve-2022-46770

qubes-mirage-firewall

qubesos

dos

cpu consumption

udp

multicast

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.415 Medium

EPSS

Percentile

97.3%

JSON

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).

Affected configurations

NVD

Node

linuxfoundationmirage_firewallRange0.8.0–0.8.4qubesos

CPENameOperatorVersion
linuxfoundation:mirage_firewalllinuxfoundation mirage firewalllt0.8.4

CPE	Name	Operator	Version
linuxfoundation:mirage_firewall	linuxfoundation mirage firewall	lt	0.8.4

References

packetstormsecurity.com/files/171610/Qubes-Mirage-Firewall-0.8.3-Denial-Of-Service.html

github.com/mirage/qubes-mirage-firewall/issues/166

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.415 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2022-46770

zdt1 cvelist1 nvd1 packetstorm1 prion1 osv1 exploitdb1 rapid7blog1