{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-21716", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T02:53:34.846Z", "dateReserved": "2021-11-16T00:00:00", "datePublished": "2022-03-03T00:00:00"}, "containers": {"cna": {"title": "Buffer Overflow in Twisted", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds."}], "affected": [{"vendor": "twisted", "product": "twisted", "versions": [{"version": "< 22.2.0", "status": "affected"}]}], "references": [{"url": "https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx"}, {"url": "https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9"}, {"url": "https://github.com/twisted/twisted/releases/tag/twisted-22.2.0"}, {"url": "https://twistedmatrix.com/trac/ticket/10284"}, {"name": "[debian-lts-announce] 20220308 [SECURITY] [DLA 2938-1] twisted security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "FEDORA-2022-71b66d4747", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/"}, {"name": "FEDORA-2022-9a489fa494", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/"}, {"name": "GLSA-202301-02", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202301-02"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "cweId": "CWE-120"}]}], "source": {"advisory": "GHSA-rv6r-3f5q-9rgx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T02:53:34.846Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx", "tags": ["x_transferred"]}, {"url": "https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9", "tags": ["x_transferred"]}, {"url": "https://github.com/twisted/twisted/releases/tag/twisted-22.2.0", "tags": ["x_transferred"]}, {"url": "https://twistedmatrix.com/trac/ticket/10284", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220308 [SECURITY] [DLA 2938-1] twisted security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-71b66d4747", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/"}, {"name": "FEDORA-2022-9a489fa494", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/"}, {"name": "GLSA-202301-02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202301-02"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCAC1EB4-978A-4D5E-8DE7-8726B18FD9F9", "versionEndExcluding": "22.2.0", "versionStartIncluding": "21.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds."}, {"lang": "es", "value": "Twisted es un marco de trabajo basado en eventos para aplicaciones de Internet, compatible con Python versi\u00f3n 3.6+. En versiones anteriores a 22.2.0, la implementaci\u00f3n de cliente y servidor SSH de Twisted es capaz de aceptar una cantidad infinita de datos para el identificador de versi\u00f3n SSH del compa\u00f1ero. Esto termina con un buffer usando toda la memoria disponible. El adjunto es tan simple como \"nc -rv localhost 22 ( /dev/zero\". Se presenta un parche disponible en versi\u00f3n 22.2.0. Actualmente no se presentan medidas de mitigaci\u00f3n conocidas"}], "id": "CVE-2022-21716", "lastModified": "2023-11-07T03:43:42.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-03-03T21:15:07.747", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/twisted/twisted/releases/tag/twisted-22.2.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202301-02"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://twistedmatrix.com/trac/ticket/10284"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0982", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "python-twisted-0:16.4.1-19.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2022-03-24T00:00:00Z"}, {"advisory": "RHSA-2022:0992", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "python-twisted-0:16.4.1-19.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2022-03-23T00:00:00Z"}], "bugzilla": {"description": "python-twisted: SSH client and server denial of service during SSH handshake", "id": "2060960", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2060960"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.", "An uncontrolled resource consumption flaw was found in python-twisted in the dataReceived() function. This flaw allows an unauthenticated, remote attacker to send a simple command to use all available memory and crash the server."], "name": "CVE-2022-21716", "package_state": [{"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python-twisted", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python-twisted-conch", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Affected", "package_name": "python-twisted", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "python-twisted", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.3::el8", "fix_state": "Affected", "package_name": "python-twisted", "product_name": "Service Telemetry Framework 1.3 for RHEL 8"}], "public_date": "2022-03-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-21716\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-21716"], "threat_severity": "Important", "upstream_fix": "python-twisted 22.2.0"}