PT-2022-7087 · Unknown · Qubes-Mirage-Firewall

Burghardt · Published 2022-07-12 · Updated 2023-08-08 · CVE-2022-46770

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

qubes-mirage-firewall versions 0.8.x through 0.8.3

Description

A crafted multicast UDP packet causes a denial of service, resulting in CPU consumption and loss of forwarding. The vulnerability can be exploited by sending specially crafted UDP packets to an address in the range 224.0.0.0 through 239.255.255.255.

Recommendations

For versions 0.8.x through 0.8.3, consider restricting access to the vulnerable qubes-mirage-firewall to minimize the risk of exploitation. As a temporary workaround, avoid using the IP address range 224.0.0.0 through 239.255.255.255 in the affected environment until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Infinite Loop

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2023-07548
CVE-2022-46770
OSEC-2022-01

Affected Products

Qubes-Mirage-Firewall