CVE-2022-21716: Buffer Overflow in Twisted
First published: Thu Mar 03 2022(Updated: )
### Impact The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. ### Patches The issue was fix in GitHub commit https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1 A fix is available in Twisted 22.2.0. ### Workarounds * Limit access to the SSH server only to trusted source IP addresses. * Connect over SSH only to trusted destination IP addresses. ### References Reported at https://twistedmatrix.com/trac/ticket/10284 Discussions at https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx ### For more information Found by vin01
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Twistedmatrix Twisted | >=21.7.0<22.2.0 | |
| Debian Debian Linux | =9.0 | |
| Oracle HTTP Server | =12.2.1.3.0 | |
| Oracle HTTP Server | =12.2.1.4.0 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| pip/twisted | >=21.7.0<22.2.0 | 22.2.0 |
| Twisted Twisted | >=21.7.0<22.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9
- https://github.com/twisted/twisted/releases/tag/twisted-22.2.0
- https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
- https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
- https://security.gentoo.org/glsa/202301-02
- https://twistedmatrix.com/trac/ticket/10284
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/
- https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
- https://nvd.nist.gov/vuln/detail/CVE-2022-21716
- https://github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-160.yaml
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
- https://github.com/advisories/GHSA-rv6r-3f5q-9rgx (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6
Frequently Asked Questions
What is CVE-2022-21716?
CVE-2022-21716 is a vulnerability in the Twisted SSH client and server implementation that allows a malicious peer to crash the server and cause a denial of service by sending an infinite amount of data.
What is the impact of CVE-2022-21716?
The impact of CVE-2022-21716 is a denial of service, as the server can be crashed by a malicious peer.
How can a malicious peer exploit CVE-2022-21716?
A malicious peer can exploit CVE-2022-21716 by crafting a request that uses all available memory, causing the server to crash.
Which versions of Twisted are affected by CVE-2022-21716?
Versions of Twisted between 21.7.0 and 22.2.0 are affected by CVE-2022-21716.
How can I remediate the CVE-2022-21716 vulnerability?
To remediate the CVE-2022-21716 vulnerability, update Twisted to version 22.2.0 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/title
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-rv6r-3f5q-9rgx
- alias/CVE-2022-21716
- agent/software-canonical-lookup
- agent/references
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/softwarecombine
- agent/tags
- collector/github-advisory
- collector/nvd-cve
- agent/trending
- vendor/twistedmatrix
- canonical/twistedmatrix twisted
- version/twistedmatrix twisted/21.7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/oracle
- canonical/oracle http server
- version/oracle http server/12.2.1.3.0
- version/oracle http server/12.2.1.4.0
- canonical/oracle zfs storage appliance kit
- version/oracle zfs storage appliance kit/8.8
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- package-manager/pip
- vendor/twisted
- canonical/twisted twisted
- version/twisted twisted/21.7.0