{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T15:09:59.251","vulnerabilities":[{"cve":{"id":"CVE-2022-21716","sourceIdentifier":"security-advisories@github.com","published":"2022-03-03T21:15:07.747","lastModified":"2026-06-17T04:26:50.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds."},{"lang":"es","value":"Twisted es un marco de trabajo basado en eventos para aplicaciones de Internet, compatible con Python versión 3.6+. En versiones anteriores a 22.2.0, la implementación de cliente y servidor SSH de Twisted es capaz de aceptar una cantidad infinita de datos para el identificador de versión SSH del compañero. Esto termina con un buffer usando toda la memoria disponible. El adjunto es tan simple como \"nc -rv localhost 22 ( /dev/zero\". Se presenta un parche disponible en versión 22.2.0. Actualmente no se presentan medidas de mitigación conocidas"}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"twisted","product":"twisted","versions":[{"version":"< 22.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-22T15:42:00.960323Z","id":"CVE-2022-21716","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*","versionStartIncluding":"21.7.0","versionEndExcluding":"22.2.0","matchCriteriaId":"8C744C2C-D511-4F4F-AFC5-FF6D88E2DF26"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"DEECE5FC-CACF-4496-A3E7-164736409252"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"AD04BEE5-E9A8-4584-A68C-0195CE9C402C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*","matchCriteriaId":"D3E503FB-6279-4D4A-91D8-E237ECF9D2B0"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}]}]}],"references":[{"url":"https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/twisted/twisted/releases/tag/twisted-22.2.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx","source":"security-advisories@github.com","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/","source":"security-advisories@github.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/","source":"security-advisories@github.com"},{"url":"https://security.gentoo.org/glsa/202301-02","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://twistedmatrix.com/trac/ticket/10284","source":"security-advisories@github.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/twisted/twisted/commit/89c395ee794e85a9657b112c4351417850330ef9","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/twisted/twisted/releases/tag/twisted-22.2.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2022/03/msg00009.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7U6KYDTOLPICAVSR34G2WRYLFBD2YW5K/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLKHA6WREIVAMBQD7KKWYHPHGGNKMAG6/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202301-02","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://twistedmatrix.com/trac/ticket/10284","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}