Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Twisted
Twisted twisted |
|
CPEs | cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:* | |
Vendors & Products |
Twistedmatrix
Twistedmatrix twisted |
Twisted
Twisted twisted |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-03-03T00:00:00
Updated: 2024-08-03T02:53:34.846Z
Reserved: 2021-11-16T00:00:00
Link: CVE-2022-21716
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-03T21:15:07.747
Modified: 2024-11-25T18:12:24.673
Link: CVE-2022-21716
Redhat