Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations accept an unlimited amount of data for the peer's SSH version identifier. The data accumulates in a buffer until it uses all available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
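The flaw described above comes down to buffering pre-handshake bytes with no upper limit. The sketch below is an added example, not Twisted's code or its 22.2.0 patch: `VersionReader`, `BannerTooLong`, `peak_buffer` and the 4096-byte `MAX_PREAMBLE` cap are assumptions made for illustration, while the 255-byte identifier limit is the one given in RFC 4253 section 4.2.

```python
# Added illustration, not Twisted's code. MAX_PREAMBLE is an assumed value.
MAX_VERSION_LINE = 255  # RFC 4253 section 4.2 limit, CR LF included
MAX_PREAMBLE = 4096     # assumed cap on bytes accepted before the identifier


class BannerTooLong(Exception):
    """Peer exceeded a limit before sending a valid version identifier."""


class VersionReader:
    """Buffers pre-key-exchange bytes until the 'SSH-' line is complete."""

    def __init__(self, bounded=True):
        self.bounded = bounded  # False reproduces the unbounded behaviour
        self.buf = b""
        self.seen = 0
        self.version = None

    def feed(self, data):
        """Return bytes following the identifier, or b"" while still waiting."""
        if self.version is not None:
            return data
        self.buf += data
        self.seen += len(data)
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            if not line.startswith(b"SSH-"):
                continue  # lines before the identifier are allowed and dropped
            if self.bounded and len(line) + 1 > MAX_VERSION_LINE:
                raise BannerTooLong("version identifier longer than 255 bytes")
            self.version = line.rstrip(b"\r")
            rest, self.buf = self.buf, b""
            return rest
        if self.bounded and self.seen > MAX_PREAMBLE:
            self.buf = b""
            raise BannerTooLong("no version identifier within the preamble cap")
        return b""


def peak_buffer(reader, chunk, count):
    """Feed chunk count times; return (largest buffer seen, rejected?)."""
    peak = 0
    for _ in range(count):
        try:
            reader.feed(chunk)
        except BannerTooLong:
            return peak, True
        peak = max(peak, len(reader.buf))
    return peak, False
```

With `bounded=False` the buffer grows with every chunk that lacks a newline; with the caps in place the connection is rejected after a fixed number of bytes, which is the point at which a server would disconnect the peer.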
| Release | Status | Note |
|---|---|---|
| bionic | released | 17.9.0-2ubuntu0.3 |
| devel | released | 22.4.0-1 |
| esm-infra-legacy/trusty | released | 13.2.0-1ubuntu1.2+esm2 |
| esm-infra/bionic | released | 17.9.0-2ubuntu0.3 |
| esm-infra/focal | released | 18.9.0-11ubuntu0.20.04.2 |
| esm-infra/xenial | released | 16.0.0-1ubuntu0.4+esm1 |
| focal | released | 18.9.0-11ubuntu0.20.04.2 |
| impish | released | 20.3.0-7ubuntu1.1 |
| jammy | released | 22.1.0-2ubuntu2.1 |
| trusty | ignored | end of standard support |
CVSS2: 5 Medium
CVSS3: 7.5 High