7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
twisted is vulnerable to denial of service. The vulnerability exists due to the lack of validation of the peer’s SSH version identifier and accepting an infinite amount of data allowing an attacker to craft a request that uses all available memory and crashes the server,
github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9
github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
github.com/twisted/twisted/releases/tag/twisted-22.2.0
github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
lists.debian.org/debian-lts-announce/2022/03/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
lists.fedoraproject.org/archives/list/[email protected]/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
security.gentoo.org/glsa/202301-02
twistedmatrix.com/trac/ticket/10284
www.oracle.com/security-alerts/cpuapr2022.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P