CVE-2022-21716

Published: 03/03/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Before 22.2.0, the Twisted SSH client and server implementations accept an unlimited amount of data for the peer's SSH version identifier, so the receive buffer grows until all available memory is consumed. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
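The flaw is a missing bound on the buffer that collects the SSH version identifier. As an added illustration (not Twisted's own code), the vulnerable pattern is shown next to a hardened reader that enforces the RFC 4253 limit of 255 bytes per line and drops the connection once a peer exceeds it; the class and method names, and the `/dev/zero`-style input, are constructed for this example.

```python
# Constructed illustration of the CVE-2022-21716 pattern; not Twisted's own code.
MAX_VERSION_LINE = 255  # RFC 4253 s4.2: version line incl. CRLF is at most 255 bytes


class UnboundedVersionReader:
    """Vulnerable pattern: appends until a newline arrives, so a peer that never
    sends one (nc ... < /dev/zero) grows the buffer until memory is exhausted."""

    def __init__(self):
        self.buf, self.version = b"", None

    def data_received(self, data: bytes) -> None:
        if self.version is not None:
            return
        self.buf += data
        if b"\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\n")
            self.version = line.rstrip(b"\r")


class BoundedVersionReader:
    """Hardened pattern: apply the protocol's line limit while buffering and
    drop the connection, releasing the buffer, as soon as it is exceeded."""

    def __init__(self, limit: int = MAX_VERSION_LINE):
        self.limit, self.buf, self.version, self.disconnected = limit, b"", None, False

    def data_received(self, data: bytes) -> None:
        if self.version is not None or self.disconnected:
            return
        self.buf += data
        while self.version is None and b"\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\n")
            if len(line) + 1 > self.limit:  # +1 counts the LF just removed
                self._drop()  # empties the buffer, which also ends this loop
            elif line.startswith(b"SSH-"):  # RFC 4253 allows other lines before it
                self.version = line.rstrip(b"\r")
        if self.version is None and len(self.buf) >= self.limit:
            self._drop()  # partial line already too long; do not wait for LF

    def _drop(self) -> None:
        self.disconnected = True
        self.buf = b""


def simulate(reader, chunk: bytes = b"\x00" * 65536, chunks: int = 16) -> int:
    """Feed a /dev/zero-style stream with no newline; return bytes still buffered."""
    for _ in range(chunks):
        reader.data_received(chunk)
    return len(reader.buf)
```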

Vulnerable Products

twistedmatrix twisted
debian debian linux 9.0
oracle http server 12.2.1.3.0
oracle http server 12.2.1.4.0
oracle zfs storage appliance kit 8.8
fedoraproject fedora 35
fedoraproject fedora 36

Vendor Advisories

Synopsis: Important: Red Hat OpenStack Platform 16.1 (python-twisted) security update. Type/Severity: Security Advisory: Important. Topic: An update for python-twisted is now available for Red Hat OpenStack Platform 16.1 (Train) ...
Synopsis: Important: Red Hat OpenStack Platform 16.2 (python-twisted) security update. Type/Severity: Security Advisory: Important. Topic: An update for python-twisted is now available for Red Hat OpenStack Platform 16.2 (Train) ...
Twisted could be made to crash if it received specially crafted network traffic ...
Several security issues were fixed in Twisted ...
An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived() function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server (CVE-2022-21716) ...
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations accept an unlimited amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero` ...
AVG-2663 python-twisted 21.7.0-4 Medium Vulnerable FS#74362 ...
ALAS-2022-231 Amazon Linux 2022 Security Advisory: ALAS-2022-231 Advisory Release Date: 2022-12-06 16:42 Pacific ...