Skip to main content

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-21716

Severity High
Score 7.5/10

Summary

Twisted is an event-based framework for internet applications, supporting Python 3.6+. In versions 21.7.0 prior to 22.2.0rc1, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0rc1. There are currently no known workarounds.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Advisory Timeline

  • Published