CVE-2022-21716
Buffer Overflow in Twisted
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
Twisted es un marco de trabajo basado en eventos para aplicaciones de Internet, compatible con Python versión 3.6+. En versiones anteriores a 22.2.0, la implementación de cliente y servidor SSH de Twisted es capaz de aceptar una cantidad infinita de datos para el identificador de versión SSH del compañero. Esto termina con un buffer usando toda la memoria disponible. El adjunto es tan simple como "nc -rv localhost 22 ( /dev/zero". Se presenta un parche disponible en versión 22.2.0. Actualmente no se presentan medidas de mitigación conocidas
An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived() function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-16 CVE Reserved
- 2022-03-03 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-11-16 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (11)
URL | Tag | Source |
---|---|---|
https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 | Release Notes | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx | 2024-08-03 |
URL | Date | SRC |
---|---|---|
https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 | 2023-11-07 | |
https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Twistedmatrix Search vendor "Twistedmatrix" | Twisted Search vendor "Twistedmatrix" for product "Twisted" | >= 21.7.0 < 22.2.0 Search vendor "Twistedmatrix" for product "Twisted" and version " >= 21.7.0 < 22.2.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.3.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.3.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Http Server Search vendor "Oracle" for product "Http Server" | 12.2.1.4.0 Search vendor "Oracle" for product "Http Server" and version "12.2.1.4.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Zfs Storage Appliance Kit Search vendor "Oracle" for product "Zfs Storage Appliance Kit" | 8.8 Search vendor "Oracle" for product "Zfs Storage Appliance Kit" and version "8.8" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
|