5 matches found
OESA-2026-2488 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
OESA-2026-2368 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...
CVE-2026-42304
The CVE-2026-42304 issue affects Twisted (twisted.names) up to version 26.4.0rc2. Root cause: the DNS name decoder in twisted.names.dns.Name.decode lacks a limit on pointer dereferences per DNS message, and the per-question visited state can reset, enabling an attacker to craft TCP DNS packets wi...
Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...
GHSA-GRGV-6HW6-V9G4 Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...