Lucene search

K
osvGoogleOSV:PYSEC-2022-160
HistoryMar 03, 2022 - 9:15 p.m.

PYSEC-2022-160

2022-03-0321:15:00
Google
osv.dev
35
twisted
framework
ssh
python 3.6+
security vulnerability

EPSS

0.004

Percentile

73.2%

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer’s SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as nc -rv localhost 22 < /dev/zero. A patch is available in version 22.2.0. There are currently no known workarounds.