847 matches found
PYSEC-2026-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
adyanutils (>=0.4.0 <=0.8.6), apricot-server (>=0.0.1 <=0.1.1) +146 more potentially affected by CVE-2026-42304 via twisted (>=20.3.0 <=25.5.0)
twisted PYPI version =20.3.0, =0.4.0, =0.0.1, =0.1.3, =0.2.0, =3.4.1, =1.5.0, =1.5.0, =0.2.0, =0.0.2, =1.9.0, =0.2.86, =202406.1129.0, =3.9.2, =3.11.9 and more Source cves: CVE-2026-42304 Source advisory: OSV:PYSEC-2026-160...
PYSEC-2026-160
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304
The CVE-2026-42304 issue affects Twisted (twisted.names) up to version 26.4.0rc2. Root cause: the DNS name decoder in twisted.names.dns.Name.decode lacks a limit on pointer dereferences per DNS message, and the per-question visited state can reset, enabling an attacker to craft TCP DNS packets wi...
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
CVE-2026-42304
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending...
Twisted 资源管理错误漏洞
Twisted is an open-source network engine developed by Twisted Matrix Labs, written in Python. Versions of Twisted prior to 26.4.0rc2 contained a resource management vulnerability. This vulnerability stemmed from a resource exhaustion issue during the DNS name decompression process in the...
OPENSUSE-SU-2026:10759-1 python-Twisted-doc-26.4.0-1.1 on GA media
These are all security issues fixed in the python-Twisted-doc-26.4.0-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-42304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of...
2adif (=0.1.0), 3robotics (=0.0.1) +1536 more potentially affected by CVE-2026-42304 via twisted (>=20.3.0 <=26.4.0)
twisted PYPI version =20.3.0, =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =0.4.0, =3.0.0, =0.1.4, =1.0.0, =1.0.2 and more Source cves: CVE-2026-42304 Source advisory: OSV:GHSA-GRGV-6HW6-V9G4...
GHSA-GRGV-6HW6-V9G4 Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...
Inefficient Algorithmic Complexity
Overview Twisted is an event-based network programming and multi-protocol integration framework. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity through the decode function in the DNS name decompression process. An attacker can cause the server to hang and...
2adif (=0.1.0), 3robotics (=0.0.1) +1444 more potentially affected by CVE-2026-42304 via twisted (=26.4.0)
twisted PYPI version =26.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on twisted and may be impacted: - 2adif =0.1.0 - 3robotics =0.0.1 - abaci-users =0.1.0 - achilles =0.0.12, =3.0.9, =3.0.0, =0.1.0, =23.12.0rc1, =0.10.0, =0.0.1, =3.0.0, =0.1.4,...
Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Details The twisted.names module is vulnerable to a Denial of Service DoS attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previo...
PT-2026-37262
Name of the Vulnerable Software and Affected Versions Twisted versions prior to 26.4.0 Description The twisted.names module is susceptible to a Denial of Service DoS attack caused by resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can send a specially crafted...
CVE-2026-42304
creationtimestamp| type| source ---|---|--- 2026-04-29 15:46:16+00:00| published-proof-of-concept| https://github.com/twisted/twisted/security/advisories/GHSA-grgv-6hw6-v9g4...
AZL-9340 CVE-2022-24801 for package python-twisted is not applicable
This CVE either no longer is or was never applicable...