CVE-2024-41671 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.3 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
twisted	twisted	𝑥 ≤ 24.3.0	ADP

Debian Releases

Debian Product

Codename

twisted

bookworm	22.4.0-4+deb12u1 fixed
bookworm (security)	22.4.0-4+deb12u1 fixed
bullseye	vulnerable
bullseye (security)	20.3.0-7+deb11u2 fixed
forky	25.5.0-5 fixed
sid	25.5.0-5 fixed
trixie	24.11.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

twisted

bionic	Fixed 17.9.0-2ubuntu0.3+esm2 released
focal	Fixed 18.9.0-11ubuntu0.20.04.5 released
jammy	Fixed 22.1.0-2ubuntu2.6 released
noble	Fixed 24.3.0-1ubuntu0.1 released
oracular	not-affected
trusty	not-affected
xenial	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

python3-Twisted

suse enterprise server 15 SP4

22.2.0-150400.21.1

fixed

python311-Twisted

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-all_non_platform

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-conch

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-conch_nacl

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-contextvars

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-http2

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-serial

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

python311-Twisted-tls

suse enterprise desktop 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise desktop 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise sap 15 SP7	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP4	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP5	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP6	22.10.0-150400.5.23.1 fixed
suse enterprise server 15 SP7	22.10.0-150400.5.23.1 fixed

Common Weakness Enumeration

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References

https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33

https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc

https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7

https://github.com/twisted/twisted/commit/046a164f89a0f08d3239ecebd750360f8914df33

https://github.com/twisted/twisted/commit/4a930de12fb67e88fefcb8822104152f42b27abc

https://github.com/twisted/twisted/security/advisories/GHSA-c8m8-j448-xjx7

https://lists.debian.org/debian-lts-announce/2024/11/msg00028.html

https://www.vicarius.io/vsociety/posts/disordered-http-pipeline-in-twistedweb-cve-2024-4167