CVE-2022-21716

Severity: Medium
Remote: Yes
Type: Denial of service
The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier.

A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as nc -rv localhost 22 < /dev/zero.
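One way to bound the version-identifier read described above, as an added example that is not Twisted's own code. The class and constant names are hypothetical; the 255-byte line limit is from RFC 4253 section 4.2, while the total preamble cap and applying the same line limit to lines sent before the identifier are assumptions of this example.

```python
# Added example: bounded reader for the peer's SSH version identifier.
# Not Twisted's code; class and constant names are hypothetical.
MAX_IDENT_LINE = 255   # RFC 4253 section 4.2: maximum length including CR LF
MAX_PREAMBLE = 8192    # assumed cap on total bytes accepted up to the identifier


class IdentTooLong(Exception):
    """Peer exceeded a size limit before completing its version identifier."""


class BoundedIdentReader:
    def __init__(self):
        self.buf = b""     # holds at most one partial line between calls
        self.seen = 0      # bytes of complete lines consumed so far
        self.ident = None  # set once a line starting with "SSH-" is complete

    def feed(self, data: bytes) -> bytes:
        """Consume one network chunk; return the bytes that follow the identifier.

        Raises IdentTooLong so the caller can drop the connection instead of
        buffering without limit, which is the failure the advisory describes.
        """
        if self.ident is not None:
            return data
        self.buf += data
        while True:
            nl = self.buf.find(b"\n")
            if nl == -1:
                # No complete line yet: the partial line must stay bounded.
                if len(self.buf) > MAX_IDENT_LINE:
                    raise IdentTooLong("unterminated line over 255 bytes")
                return b""
            line, self.buf = self.buf[:nl + 1], self.buf[nl + 1:]
            self.seen += len(line)
            if len(line) > MAX_IDENT_LINE or self.seen > MAX_PREAMBLE:
                raise IdentTooLong("identifier line or preamble too large")
            if line.startswith(b"SSH-"):
                self.ident = line.rstrip(b"\r\n")
                rest, self.buf = self.buf, b""
                return rest
            # Lines before the identifier are permitted by the RFC; discard them.
```

A caller would close the transport when `IdentTooLong` is raised, so a stream with no line terminator is rejected after a few hundred bytes rather than accumulated.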
Group: AVG-2663
Package: python-twisted
Affected: 21.7.0-4
Fixed: (none listed)
Severity: Medium
Status: Vulnerable
Ticket: FS#74362