Lucene search
K

847 matches found

PyPA
PyPA
added 2026/05/13 9:16 p.m.17 views

PYSEC-2026-160

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/13 9:16 p.m.9 views

adyanutils (>=0.4.0 <=0.8.6), apricot-server (>=0.0.1 <=0.1.1) +146 more potentially affected by CVE-2026-42304 via twisted (>=20.3.0 <=25.5.0)

twisted PYPI version =20.3.0, =0.4.0, =0.0.1, =0.1.3, =0.2.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =1.9.0, =0.2.86, =202406.1129.0, =3.9.2, =3.11.9 and more Source cves: CVE-2026-42304 Source advisory: OSV:PYSEC-2026-160...

7.5CVSS5.4AI score0.00433EPSS
Exploits1
OSV
OSV
added 2026/05/13 9:16 p.m.6 views

PYSEC-2026-160

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 9:16 p.m.9 views

CVE-2026-42304

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS0.00433EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 8:20 p.m.32 views

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS0.00433EPSS
Exploits1References1
CVE
CVE
added 2026/05/13 8:20 p.m.55 views

CVE-2026-42304

The CVE-2026-42304 issue affects Twisted (twisted.names) up to version 26.4.0rc2. Root cause: the DNS name decoder in twisted.names.dns.Name.decode lacks a limit on pointer dereferences per DNS message, and the per-question visited state can reset, enabling an attacker to craft TCP DNS packets wi...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 8:20 p.m.8 views

CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 8:20 p.m.7 views

CVE-2026-42304

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/13 8:20 p.m.6 views

CVE-2026-42304

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...

7.5CVSS5.8AI score0.00433EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

Twisted 资源管理错误漏洞

Twisted is an open-source network engine developed by Twisted Matrix Labs, written in Python. Versions of Twisted prior to 26.4.0rc2 contained a resource management vulnerability. This vulnerability stemmed from a resource exhaustion issue during the DNS name decompression process in the...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1
OSV
OSV
added 2026/05/12 12:0 a.m.3 views

OPENSUSE-SU-2026:10759-1 python-Twisted-doc-26.4.0-1.1 on GA media

These are all security issues fixed in the python-Twisted-doc-26.4.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-42304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of...

7.5CVSS5.5AI score0.00433EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/05/05 9:12 p.m.8 views

2adif (=0.1.0), 3robotics (=0.0.1) +1536 more potentially affected by CVE-2026-42304 via twisted (>=20.3.0 <=26.4.0)

twisted PYPI version =20.3.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 and more Source cves: CVE-2026-42304 Source advisory: OSV:GHSA-GRGV-6HW6-V9G4...

7.5CVSS5.7AI score0.00433EPSS
Exploits1
OSV
OSV
added 2026/05/05 9:12 p.m.4 views

GHSA-GRGV-6HW6-V9G4 Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...

7.5CVSS5.9AI score0.00433EPSS
Exploits1References5
Snyk
Snyk
added 2026/05/05 9:12 p.m.9 views

Inefficient Algorithmic Complexity

Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the decode function in the DNS name decompression process. An attacker can cause the server to hang and...

8.7CVSS5.8AI score0.00433EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/05/05 9:12 p.m.6 views

2adif (=0.1.0), 3robotics (=0.0.1) +1444 more potentially affected by CVE-2026-42304 via twisted (=26.4.0)

twisted PYPI version =26.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on twisted and may be impacted: - 2adif =0.1.0 - 3robotics =0.0.1 - abaci-users =0.1.0 - achilles =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =3.0.0, =0.1.4,...

7.5CVSS5.7AI score0.00433EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/05 9:12 p.m.13 views

Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains

Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...

7.5CVSS5.9AI score0.00433EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-37262

Name of the Vulnerable Software and Affected Versions Twisted versions prior to 26.4.0 Description The twisted.names module is susceptible to a Denial of Service DoS attack caused by resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can send a specially crafted...

7.5CVSS5.8AI score0.00433EPSS
Exploits3References56
Circl
Circl
added 2026/04/29 3:46 p.m.13 views

CVE-2026-42304

creationtimestamp| type| source ---|---|--- 2026-04-29 15:46:16+00:00| published-proof-of-concept| https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4...

7.5CVSS4.9AI score0.00433EPSS
Exploits1References1
OSV
OSV
added 2026/04/21 4:35 a.m.10 views

AZL-9340 CVE-2022-24801 for package python-twisted is not applicable

This CVE either no longer is or was never applicable...

8.1CVSS5.7AI score0.028EPSS
Exploits0References1
Rows per page
Query Builder