Oracle HTTP Server Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability - CVE-2022-21716

Twisted is an event-based framework for internet applications supporting Python 3.6. Prior to 22.2.0 Twisted SSH client and server implement is able to accept an infinite amount of data for the peer39s SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as nc -rv localhost 22 lt /dev/zero. A patch is available in version 22.2.0. There are currently no known workarounds.