Bug 834542 (CVE-2022-21716)

Summary: <dev-python/twisted-22.2.0: DoS via peer SSH version identifier
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: python
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
Whiteboard: B3 [glsa+]
Package list:
Runtime testing required: ---

Description John Helmert III 2022-03-03 23:41:20 UTC
CVE-2022-21716:

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.

Fixed in 22.2.0.
Comment 1 John Helmert III 2022-11-22 16:48:12 UTC
GLSA request filed
Comment 2 Larry the Git Cow 2023-01-11 05:23:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2bcf5e2e8d41a687f63bb2d3acc767b943e61b24

commit 2bcf5e2e8d41a687f63bb2d3acc767b943e61b24
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-01-11 05:16:16 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2023-01-11 05:22:04 +0000

    [ GLSA 202301-02 ] Twisted: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/832875
    Bug: https://bugs.gentoo.org/834542
    Bug: https://bugs.gentoo.org/878499
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202301-02.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)
Comment 3 John Helmert III 2023-01-11 05:25:59 UTC
GLSA released, all done!