ID de Prueba:	1.3.6.1.4.1.25623.1.0.147822
Categoría:	Denial of Service
Título:	Twisted Web 21.7.0 < 22.2.0 DoS Vulnerability
Resumen:	Twisted Web is prone to a denial of service (DoS); vulnerability.
Descripción:	Summary: Twisted Web is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that uses all available memory and crash the server, resulting in denial of service. The attack is as simple as nc -rv localhost 22 < /dev/zero. Affected Software/OS: Twisted Web version 21.7.0 and later. Solution: Update to version 22.2.0 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21716 https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/ https://security.gentoo.org/glsa/202301-02 https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9 https://github.com/twisted/twisted/releases/tag/twisted-22.2.0 https://twistedmatrix.com/trac/ticket/10284 https://www.oracle.com/security-alerts/cpuapr2022.html https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.