Sign-up

ID

VAR-202212-0735


CVE

CVE-2022-46770


TITLE

Linux Foundation  of  Qubesos  for  mirage firewall  Infinite loop vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023111

DESCRIPTION

qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). Linux Foundation of Qubesos for mirage firewall Exists in an infinite loop vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2022-46770 // JVNDB: JVNDB-2022-023111 // VULHUB: VHN-447365

AFFECTED PRODUCTS

vendor:linuxfoundationmodel:mirage firewallscope:ltversion:0.8.4

Trust: 1.0

vendor:linuxfoundationmodel:mirage firewallscope:gteversion:0.8.0

Trust: 1.0

vendor:linuxmodel:mirage firewallscope:eqversion:0.8.0 that's all 0.8.4

Trust: 0.8

vendor:linuxmodel:mirage firewallscope: - version: -

Trust: 0.8

vendor:linuxmodel:mirage firewallscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023111 // NVD: CVE-2022-46770

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46770
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-46770
value: HIGH

Trust: 1.0

NVD: CVE-2022-46770
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202212-2651
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2022-46770
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-46770
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023111 // CNNVD: CNNVD-202212-2651 // NVD: CVE-2022-46770 // NVD: CVE-2022-46770

PROBLEMTYPE DATA

problemtype:CWE-835

Trust: 1.0

problemtype:infinite loop (CWE-835) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-400

Trust: 0.1

sources: VULHUB: VHN-447365 // JVNDB: JVNDB-2022-023111 // NVD: CVE-2022-46770

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2651

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202212-2651

PATCH

title:MirageOS qubes-mirage-firewall Remediation of resource management error vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=217136

Trust: 0.6

sources: CNNVD: CNNVD-202212-2651

EXTERNAL IDS

db:NVDid:CVE-2022-46770

Trust: 3.3

db:PACKETSTORMid:171610

Trust: 2.4

db:JVNDBid:JVNDB-2022-023111

Trust: 0.8

db:EXPLOIT-DBid:51157

Trust: 0.6

db:CNNVDid:CNNVD-202212-2651

Trust: 0.6

db:VULHUBid:VHN-447365

Trust: 0.1

sources: VULHUB: VHN-447365 // JVNDB: JVNDB-2022-023111 // CNNVD: CNNVD-202212-2651 // NVD: CVE-2022-46770

REFERENCES

url:https://github.com/mirage/qubes-mirage-firewall/issues/166

Trust: 2.5

url:http://packetstormsecurity.com/files/171610/qubes-mirage-firewall-0.8.3-denial-of-service.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2022-46770

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-46770/

Trust: 0.6

url:https://www.exploit-db.com/exploits/51157

Trust: 0.6

sources: VULHUB: VHN-447365 // JVNDB: JVNDB-2022-023111 // CNNVD: CNNVD-202212-2651 // NVD: CVE-2022-46770

SOURCES

db:VULHUBid:VHN-447365
db:JVNDBid:JVNDB-2022-023111
db:CNNVDid:CNNVD-202212-2651
db:NVDid:CVE-2022-46770

LAST UPDATE DATE

2025-04-25T01:38:26.584000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-447365date:2022-12-12T00:00:00
db:JVNDBid:JVNDB-2022-023111date:2023-11-27T03:06:00
db:CNNVDid:CNNVD-202212-2651date:2023-04-03T00:00:00
db:NVDid:CVE-2022-46770date:2025-04-23T16:15:29.060

SOURCES RELEASE DATE

db:VULHUBid:VHN-447365date:2022-12-07T00:00:00
db:JVNDBid:JVNDB-2022-023111date:2023-11-27T00:00:00
db:CNNVDid:CNNVD-202212-2651date:2022-12-07T00:00:00
db:NVDid:CVE-2022-46770date:2022-12-07T20:15:11.720