twisted is vulnerable to denial of service. The vulnerability exists because the peer's SSH version identifier is not validated and an unlimited amount of data is accepted while reading it, allowing an attacker to craft a request that uses all available memory and crashes the server.
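A bounded reader for the SSH version exchange shows the validation whose absence is described above; this is an added example, not Twisted's code or its fix. The names `BoundedBannerReader`, `BannerError` and `simulate` are hypothetical, the 255-byte line limit comes from RFC 4253 section 4.2, and the 4096-byte pre-banner cap is an assumed value.

```python
# Added illustration, not Twisted's code. Limits are assumptions: 255 bytes is the
# RFC 4253 sec. 4.2 maximum for the identification line; 4096 is a constructed cap.
MAX_ID_LINE = 255
MAX_PREAMBLE = 4096

class BannerError(Exception):
    """Peer broke the version-exchange limits; the caller should disconnect."""

class BoundedBannerReader:
    def __init__(self):
        self.buf = b""         # unparsed bytes, held only up to the caps
        self.discarded = 0     # bytes of pre-banner lines already dropped
        self.version = None    # identification line once validated
        self.rest = b""        # bytes after the banner (start of binary packets)

    def feed(self, data: bytes):
        """Consume one network read; return the version line, or None if incomplete."""
        if self.version is not None:
            self.rest += data
            return self.version
        self.buf += data
        while b"\n" in self.buf:
            line, _, self.buf = self.buf.partition(b"\n")
            if not line.startswith(b"SSH-"):
                self.discarded += len(line) + 1   # count it, do not keep it
                if self.discarded > MAX_PREAMBLE:
                    raise BannerError("too much data before identification line")
                continue
            if len(line) + 1 > MAX_ID_LINE:
                raise BannerError("identification line too long")
            ident = line.rstrip(b"\r")
            parts = ident.split(b"-", 2)
            if len(parts) != 3 or parts[1] not in (b"2.0", b"1.99") or not parts[2]:
                raise BannerError("malformed or unsupported version identifier")
            self.version, self.rest, self.buf = ident, self.buf, b""
            return ident
        cap = MAX_ID_LINE if self.buf.startswith(b"SSH-") else MAX_PREAMBLE - self.discarded
        if len(self.buf) > cap:
            raise BannerError("no complete identification line within limit")
        return None

def simulate(chunks):
    """Feed constructed chunks; return (outcome, detail, bytes still buffered)."""
    reader = BoundedBannerReader()
    try:
        done = any(reader.feed(c) for c in chunks)
    except BannerError as exc:
        return ("dropped", str(exc), len(reader.buf))
    return ("accepted" if done else "waiting", reader.version, len(reader.buf))
```

With these caps, a peer that never sends a newline is disconnected once the buffer passes the cap, so memory held per connection stays within the cap plus one read.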
Vendor | Product | Version | CPE |
---|---|---|---|
- | py3-twisted:edge | 22.1.0-r0 | cpe:2.3:a:-:py3-twisted\:edge:22.1.0-r0:*:*:*:*:*:*:* |
- | py3-twisted:edge | 21.7.0-r1 | cpe:2.3:a:-:py3-twisted\:edge:21.7.0-r1:*:*:*:*:*:*:* |
- | py3-twisted:edge | 19.10.0-r0 | cpe:2.3:a:-:py3-twisted\:edge:19.10.0-r0:*:*:*:*:*:*:* |
- | py3-twisted:edge | 21.2.0-r0 | cpe:2.3:a:-:py3-twisted\:edge:21.2.0-r0:*:*:*:*:*:*:* |
- | py3-twisted:edge | 20.3.0-r2 | cpe:2.3:a:-:py3-twisted\:edge:20.3.0-r2:*:*:*:*:*:*:* |
- | py3-twisted:edge | 21.7.0-r2 | cpe:2.3:a:-:py3-twisted\:edge:21.7.0-r2:*:*:*:*:*:*:* |
- | py3-twisted:edge | 21.7.0-r0 | cpe:2.3:a:-:py3-twisted\:edge:21.7.0-r0:*:*:*:*:*:*:* |
- | py3-twisted:edge | 20.3.0-r0 | cpe:2.3:a:-:py3-twisted\:edge:20.3.0-r0:*:*:*:*:*:*:* |
- | python-twisted | 16.4.1_17.el8ost.1 | cpe:2.3:a:-:python-twisted:16.4.1_17.el8ost.1:*:*:*:*:*:*:* |
- | python-twisted | 8.2.0_3.1.el6 | cpe:2.3:a:-:python-twisted:8.2.0_3.1.el6:*:*:*:*:*:*:* |
github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9
github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
github.com/twisted/twisted/releases/tag/twisted-22.2.0
github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
lists.debian.org/debian-lts-announce/2022/03/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
lists.fedoraproject.org/archives/list/[email protected]/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
security.gentoo.org/glsa/202301-02
twistedmatrix.com/trac/ticket/10284
www.oracle.com/security-alerts/cpuapr2022.html