CVE-2022-21716

Severity Medium
Remote Yes
Type Denial of service
Description
The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an unbounded amount of data for the peer's SSH version identifier, buffering it until a version line arrived.

A malicious peer can trivially craft a request that uses all available memory and crashes the server, resulting in denial of service. The attack is as simple as nc -rv localhost 22 < /dev/zero.
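The hardened pattern, as an added example rather than Twisted's own code or the fix in the referenced commit: a reader for the RFC 4253 version exchange that discards preamble lines and refuses to buffer more than a fixed amount while waiting for the SSH- line. The 4096-byte cap is an assumption of this example, not a value taken from Twisted or the RFC.

```python
"""Bounded reader for the SSH version exchange (RFC 4253, section 4.2).
Added illustration, not Twisted's code: a peer may send any number of
non-"SSH-" lines before "SSH-protoversion-softwareversion"; appending to a
buffer until that line shows up is the unbounded pattern described above."""

# Assumption for this example: RFC 4253 caps the identification line at
# 255 bytes incl. CR LF but not the preamble, so the overall buffer cap
# is a local policy value rather than a protocol constant.
MAX_VERSION_EXCHANGE_BYTES = 4096
MAX_IDENT_LINE_BYTES = 255


class VersionExchangeError(Exception):
    """Peer violated the version exchange; the caller should disconnect."""


class VersionExchangeReader:
    def __init__(self, limit=MAX_VERSION_EXCHANGE_BYTES):
        self.limit = limit
        self._buf = b""
        self.version = None  # identification string, once seen

    def feed(self, data):
        """Consume bytes; return the version string once seen, else None."""
        if self.version is not None:
            raise VersionExchangeError("version exchange already complete")
        self._buf += data
        while b"\n" in self._buf:
            line, _, self._buf = self._buf.partition(b"\n")
            if line.startswith(b"SSH-"):
                if len(line) + 1 > MAX_IDENT_LINE_BYTES:
                    raise VersionExchangeError("identification line too long")
                self.version = line.rstrip(b"\r").decode("ascii", "replace")
                return self.version
            # Any other complete line is preamble: dropped, freeing memory.
        # No version line yet. This is the check the naive reader lacks: a
        # newline-free stream such as /dev/zero accumulates here until the cap.
        if len(self._buf) > self.limit:
            raise VersionExchangeError("no identification line within limit")
        return None


def simulate_zero_stream(chunk=1024, limit=MAX_VERSION_EXCHANGE_BYTES):
    """Feed constructed /dev/zero-style reads; return chunks buffered before refusal."""
    reader = VersionExchangeReader(limit)
    accepted = 0
    while True:
        try:
            reader.feed(b"\x00" * chunk)
        except VersionExchangeError:
            return accepted
        accepted += 1
```

With the cap in place the newline-free stream is cut off after a few kilobytes instead of growing until the process is killed, while a well-formed exchange with preamble lines still parses.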
Group     Package         Affected  Fixed  Severity  Status      Ticket
AVG-2663  python-twisted  21.7.0-4         Medium    Vulnerable  FS#74362
References
https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
https://twistedmatrix.com/trac/ticket/10284