UBUNTU-CVE-2026-42304

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-42304
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-42304
Upstream
Downstream
Related
Published
2026-05-13T21:16:00Z
Modified
2026-06-03T22:07:11.863371976Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote, unauthenticated attacker can exploit this by sending a crafted TCP DNS packet containing deeply chained compression pointers. This flaw bypasses previous loop-prevention logic, causing the single-threaded Twisted reactor to hang while processing millions of recursive lookups, effectively freezing the server. This vulnerability is fixed in 26.4.0rc2.

References

Affected packages

Ubuntu:20.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

18.*
18.9.0-3ubuntu1
18.9.0-5
18.9.0-6
18.9.0-6build1
18.9.0-6ubuntu1
18.9.0-8
18.9.0-11
18.9.0-11ubuntu0.20.04.1
18.9.0-11ubuntu0.20.04.2
18.9.0-11ubuntu0.20.04.3
18.9.0-11ubuntu0.20.04.4
18.9.0-11ubuntu0.20.04.5

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "18.9.0-11ubuntu0.20.04.5"
        },
        {
            "binary_name": "python3-twisted-bin",
            "binary_version": "18.9.0-11ubuntu0.20.04.5"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:22.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
22.1.0-2ubuntu2.7

Affected versions

20.*
20.3.0-7ubuntu1
20.3.0-7ubuntu3
22.*
22.1.0-2ubuntu2
22.1.0-2ubuntu2.1
22.1.0-2ubuntu2.3
22.1.0-2ubuntu2.4
22.1.0-2ubuntu2.5
22.1.0-2ubuntu2.6

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "22.1.0-2ubuntu2.7"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:24.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.3.0-1ubuntu0.2

Affected versions

22.*
22.4.0-4
22.4.0-4ubuntu1
23.*
23.10.0-2
24.*
24.3.0-1
24.3.0-1ubuntu0.1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "24.3.0-1ubuntu0.2"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:25.10
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
24.11.0-1ubuntu0.1

Affected versions

24.*
24.11.0-1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "24.11.0-1ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:26.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
25.5.0-5ubuntu0.1

Affected versions

24.*
24.11.0-1
25.*
25.5.0-4
25.5.0-5

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-twisted",
            "binary_version": "25.5.0-5ubuntu0.1"
        }
    ],
    "availability": "No subscription required"
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:Pro:14.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=esm-infra-legacy%2Ftrusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

13.*
13.0.0-1ubuntu1
13.2.0-1ubuntu1
13.2.0-1ubuntu1.2
13.2.0-1ubuntu1.2+esm1
13.2.0-1ubuntu1.2+esm2
13.2.0-1ubuntu1.2+esm3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-twisted",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-bin",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-conch",
            "binary_version": "1:13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-core",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-lore",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-mail",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-names",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-news",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-runner",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-web",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        },
        {
            "binary_name": "python-twisted-words",
            "binary_version": "13.2.0-1ubuntu1.2+esm3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:Pro:16.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=esm-infra%2Fxenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

15.*
15.2.1-1ubuntu2
15.5.0-1
15.5.0-2
15.5.0-2ubuntu1
15.5.0-4
16.*
16.0.0~pre1-1
16.0.0~pre1-1ubuntu1
16.0.0~pre1-2ubuntu1
16.0.0~pre1-3
16.0.0-1
16.0.0-1ubuntu0.2
16.0.0-1ubuntu0.4
16.0.0-1ubuntu0.4+esm1
16.0.0-1ubuntu0.4+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-twisted",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-bin",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-conch",
            "binary_version": "1:16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-core",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-mail",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-names",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-news",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-runner",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-web",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python-twisted-words",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        },
        {
            "binary_name": "python3-twisted",
            "binary_version": "16.0.0-1ubuntu0.4+esm2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"
Ubuntu:Pro:18.04:LTS
twisted

Package

Name
twisted
Purl
pkg:deb/ubuntu/twisted?arch=source&distro=esm-infra%2Fbionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

16.*
16.6.0-2ubuntu3
17.*
17.9.0-1
17.9.0-2
17.9.0-2ubuntu0.1
17.9.0-2ubuntu0.3
17.9.0-2ubuntu0.3+esm1
17.9.0-2ubuntu0.3+esm2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-twisted",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-bin",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-conch",
            "binary_version": "1:17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-core",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-mail",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-names",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-news",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-runner",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-web",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python-twisted-words",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python3-twisted",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        },
        {
            "binary_name": "python3-twisted-bin",
            "binary_version": "17.9.0-2ubuntu0.3+esm2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-42304.json"