8 matches found
Debian dsa-5797 : python3-twisted - security update
The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5797 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5797-1 [email protected] https://www.debian.org/securit...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Twisted vulnerabilities (USN-6575-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6575-1 advisory. It was discovered that Twisted incorrectly escaped host headers in certain 404 responses. A remote attacker could possibly us...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-432)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-432 advisory. Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously...
GHSA-XC8X-VP79-P3WM twisted.web has disordered HTTP pipeline response
Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, th...
Important: python-twisted-web
Issue Overview: A flaw was found in python-twisted. This vulnerability occurs due to the parsing of illegal constructs in the twisted.web.http module. The illegal constructs include '+/-' in the Content-Length header, '\n and \t' etc. Non-conformant parsing leads to a desync if requests pass...
Amazon Linux 2023 : python3-twisted, python3-twisted+tls (ALAS2023-2023-130)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-130 advisory. Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host twisted.web.vhost.NameVirtualHost will return a NoResourc...
CVE-2022-39348
CVE-2022-39348 (Twisted) affects the Twisted event-based framework for internet applications. When the host header does not match a configured host (twisted.web.vhost.NameVirtualHost), NoResource is returned and the Host header is unescaped in the 404, enabling HTML and script injection. The issu...
CVE-2022-21716
CVE-2022-21716 affects Twisted (Python, event-driven networking framework). The issue arises in Twisted SSH client/server where, prior to 22.2.0, the peer SSH version identifier can be fed an unlimited amount of data, causing a memory-exhaustion vulnerability (buffer growth). The example of explo...