VYPR
High severity 7.5 · NVD Advisory · Published Mar 3, 2022 · Updated Jun 17, 2026

CVE-2022-21716

Description

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations accept an unbounded amount of data for the peer's SSH version identifier. The data accumulates in a buffer that grows until it uses all the available memory. The attack is as simple as nc -rv localhost 22 < /dev/zero. A patch is available in version 22.2.0. There are currently no known workarounds.
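One way a receiver can bound the version-identifier buffer described above, shown as an added example that is not Twisted's patch or code. The class and function names and the 4096-byte preamble cap are assumptions; the 255-byte line limit is from RFC 4253 section 4.2.

```python
# Added example; class name, method names and MAX_PREAMBLE are assumptions.
MAX_VERSION_LINE = 255   # RFC 4253 section 4.2 limit, CR LF included
MAX_PREAMBLE = 4096      # assumed cap on bytes accepted before the version line


class VersionExchangeError(Exception):
    """The peer exceeded a bound; the caller should close the connection."""


class BoundedVersionReader:
    """Reads the peer's SSH identification string with bounded buffering."""

    def __init__(self):
        self._buf = b""
        self._seen = 0         # bytes of complete pre-version lines already dropped
        self.version = None
        self.remainder = b""   # bytes that followed the version line

    def feed(self, data):
        """Return the version line once complete, else None; raise on abuse."""
        if self.version is not None:
            raise RuntimeError("version already read; parse remainder as packets")
        self._buf += data
        while True:
            line, sep, rest = self._buf.partition(b"\n")
            is_version = line.startswith(b"SSH-")
            if is_version and len(line) + 1 > MAX_VERSION_LINE:
                raise VersionExchangeError("identification string too long")
            if self._seen + len(line) > MAX_PREAMBLE:
                raise VersionExchangeError("no identification string within cap")
            if not sep:
                return None    # wait for more data; buffer is still under the caps
            self._seen += len(line) + 1
            self._buf = rest
            if is_version:
                self.version = line.rstrip(b"\r")
                self.remainder, self._buf = rest, b""
                return self.version


def is_rejected(chunks):
    """True if feeding the chunks (constructed test input) trips a bound."""
    reader = BoundedVersionReader()
    try:
        for chunk in chunks:
            reader.feed(chunk)
    except VersionExchangeError:
        return True
    return False
```

With these caps, a peer that never sends a newline holds at most MAX_PREAMBLE bytes plus one received chunk in memory before the connection is dropped.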

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions       Patched versions
twisted (PyPI)   >= 21.7.0, < 22.2.0     22.2.0
