| Field | Before | After |
|---|---|---|
| Severity | | |
| Remote | | |
| Type | Unknown | Denial of service |
| Description | | The Twisted SSH client and server implementation prior to 22.2.0 naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. |
| References | | https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx; https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1; https://twistedmatrix.com/trac/ticket/10284 |
| Notes | | |
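As an added example (not Twisted's own code), the two readers below model the defect described above in Python: one buffers the peer's version line with no limit, the other caps both the pending buffer and the version line. The class names, the `drive` helper and the 4096-byte pending cap are assumptions; the 255-byte line limit is the one RFC 4253 section 4.2 specifies.

```python
# Added example, not Twisted's code. MAX_PENDING and the class names are assumptions.
MAX_VERSION_LINE = 255  # RFC 4253 s4.2: version line, CR LF included, is at most 255 bytes
MAX_PENDING = 4096      # assumed cap on bytes buffered while waiting for a newline


class TooMuchData(Exception):
    """Raised when the peer exceeds a buffering limit; the caller should disconnect."""


class UnboundedVersionReader:
    """Vulnerable model: appends until a newline arrives, so a peer that never
    sends one (e.g. a stream of zero bytes) grows this buffer without limit."""

    def __init__(self):
        self.buf = b""
        self.version = None

    def feed(self, data: bytes):
        self.buf += data
        if self.version is None and b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            self.version = line.rstrip(b"\r")
        return self.version


class BoundedVersionReader:
    """Hardened model: rejects input once the pending buffer or the version line
    exceeds its cap. Lines not starting with b'SSH-' are skipped, since RFC 4253
    lets a server send such lines before its identification string."""

    def __init__(self, pending_limit: int = MAX_PENDING):
        self.buf = b""
        self.version = None
        self.pending_limit = pending_limit

    def feed(self, data: bytes):
        if self.version is not None:
            return self.version
        self.buf += data
        if len(self.buf) > self.pending_limit:  # bound memory before parsing anything
            raise TooMuchData("no newline within %d bytes" % self.pending_limit)
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            if not line.startswith(b"SSH-"):
                continue  # pre-banner line: discard it and keep waiting
            if len(line) + 1 > MAX_VERSION_LINE:
                raise TooMuchData("version line longer than RFC 4253 allows")
            self.version = line.rstrip(b"\r")
            return self.version
        return None


def drive(reader, chunk: bytes, rounds: int) -> int:
    """Feed `chunk` `rounds` times with no newline; return bytes still buffered."""
    for _ in range(rounds):
        reader.feed(chunk)
    return len(reader.buf)
```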