Denial of service in SSH transport for twisted #10284

Open
twisted-trac opened this issue Dec 24, 2021 · 3 comments

Comments

@twisted-trac twisted-trac commented Dec 24, 2021

@vin01 reported
Trac ID trac#10284
Type defect
Created 2021-12-24 16:16:46Z
Searchable metadata
Reporter vin01
Priority normal
Milestone None
Branch
Branch author
Status new
Resolution None
Component conch
Keywords security, ssh
Time 1640362606139091
Change time 1645082891203329
Version None
Owner adiroiban1
Cc alex

@twisted-trac twisted-trac commented Jan 27, 2022

@adiroiban commented

There is a private PR with a proposed fix for this

@twisted-trac twisted-trac commented Jan 28, 2022

@exarkun set owner to adiroiban1

Hm. Public disclosure. Oops. I'm not sure having the fix in private makes too much sense in such a case... But in any case, it's reviewed.

@twisted-trac twisted-trac commented Feb 17, 2022

@vin01 commented

I agree. The GitHub advisory also seems to be private, as I haven't received any notification yet.

vmario pushed a commit to vmario/twisted that referenced this issue Jul 4, 2022
[Fix twisted#10284] Fix out of memory deny of service for conch ssh version string handling during handshake.