High severity · 7.5 · NVD Advisory · Published Mar 3, 2022 · Updated Jun 17, 2026
CVE-2022-21716
Description
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations accept an infinite amount of data for the peer's SSH version identifier. The data accumulates in a buffer until it uses all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
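The buffering pattern described above, next to a bounded form, as an added example that is not Twisted's code or its patch. The class and function names and the 4096-byte cap are assumptions chosen for illustration; the 255-byte limit on the identifier line is from RFC 4253 section 4.2.

```python
# Added example: a simplified model of the bug class, not Twisted's code.
MAX_VERSION_LINE = 255  # RFC 4253 sec. 4.2: identifier length incl. CR LF
MAX_PREAMBLE = 4096     # assumed cap on bytes buffered before the identifier

class VersionTooLong(Exception):
    """Peer sent too much data without a valid SSH version identifier."""

def find_version(buf):
    """Return the first complete 'SSH-' line in buf, or None."""
    for line in buf.split(b"\n")[:-1]:  # last element is an unfinished line
        if line.startswith(b"SSH-"):
            if len(line) + 1 > MAX_VERSION_LINE:  # +1 for the stripped LF
                raise VersionTooLong("identifier exceeds 255 bytes")
            return line.rstrip(b"\r")
    return None

class UnboundedReader:
    """Vulnerable pattern: the buffer grows until a version line shows up."""
    def __init__(self):
        self.buf = b""
        self.version = None

    def data_received(self, data):
        if self.version is None:
            self.buf += data
            self.version = find_version(self.buf)

class BoundedReader(UnboundedReader):
    """Hardened pattern: give up once the pre-identifier data passes a cap."""
    def data_received(self, data):
        super().data_received(data)
        if self.version is None and len(self.buf) > MAX_PREAMBLE:
            self.buf = b""  # release the memory; a real server would also
            raise VersionTooLong("no identifier within cap")  # drop the peer

def chunks_accepted(reader, chunk, limit):
    """Feed `chunk` up to `limit` times; return how many were accepted."""
    for n in range(limit):
        try:
            reader.data_received(chunk)
        except VersionTooLong:
            return n
    return limit
```

Feeding both readers constructed 1024-byte chunks of zero bytes shows the difference: the unbounded reader keeps every chunk, while the bounded one rejects the stream on the chunk that pushes the buffer past the cap.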
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| twisted (PyPI) | >= 21.7.0, < 22.2.0 | 22.2.0 |
Affected products
Source: ghsa-coords (22 versions).
| Package URL | Affected range |
|---|---|
| pkg:pypi/twisted | >= 21.7.0, < 22.2.0 |
| pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.3 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Leap%2015.4 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/opensuse/python-Twisted&distro=openSUSE%20Tumbleweed | < 22.2.0-1.1 |
| pkg:rpm/suse/python-Twisted&distro=HPE%20Helion%20OpenStack%208 | < 15.2.1-9.17.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Enterprise%20Storage%207 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP3 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP4 | < 22.2.0-150400.5.4.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012 | < 15.2.1-9.17.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Manager%20Proxy%204.1 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20Manager%20Server%204.1 | < 19.10.0-150200.3.12.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%208 | < 15.2.1-9.17.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%209 | < 15.2.1-9.17.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 | < 15.2.1-9.17.1 |
| pkg:rpm/suse/python-Twisted&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 | < 15.2.1-9.17.1 |
References
- github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 (nvd; Patch, Third Party Advisory; WEB)
- www.oracle.com/security-alerts/cpuapr2022.html (nvd; Patch, Third Party Advisory; WEB)
- github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx (nvd; Exploit, Patch, Third Party Advisory; WEB)
- github.com/advisories/GHSA-rv6r-3f5q-9rgx (ghsa; ADVISORY)
- github.com/twisted/twisted/releases/tag/twisted-22.2.0 (nvd; Release Notes, Third Party Advisory; WEB)
- lists.debian.org/debian-lts-announce/2022/03/msg00009.html (nvd; Mailing List, Third Party Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2022-21716 (ghsa; ADVISORY)
- security.gentoo.org/glsa/202301-02 (nvd; Third Party Advisory; WEB)
- twistedmatrix.com/trac/ticket/10284 (nvd; Issue Tracking, Vendor Advisory; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/twisted/PYSEC-2022-160.yaml (ghsa; WEB)
- github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1 (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6 (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6 (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/ (nvd)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/ (nvd)