Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
CVE-2026-42304 is a denial of service (DoS) vulnerability in the twisted. names module of the python-twisted library. It involves crafted DNS compression pointer chains that can cause resource exhaustion or service disruption. The vulnerability affects Microsoft products including Azure Linux 3. 0 and python-twisted version 3. 0. No CVSS score or detailed vendor advisory is currently available, and no known exploits are reported in the wild. Patch status is not confirmed, and no official fix or mitigation guidance has been provided by Microsoft at this time.
AI Analysis
Technical Summary
This vulnerability in the twisted.names DNS module allows an attacker to trigger a denial of service by sending specially crafted DNS responses containing malicious compression pointer chains. These crafted inputs can cause excessive resource consumption or crashes in affected versions of python-twisted, including those used in Microsoft Azure Linux 3.0 environments. The issue is categorized under CWE-400 (Uncontrolled Resource Consumption). No CVSS score or patch information is currently available from the Microsoft Security Response Center.
Potential Impact
Successful exploitation of this vulnerability could lead to denial of service conditions in applications or services using the affected twisted.names module, potentially disrupting DNS resolution functionality. There are no reports of active exploitation in the wild. The impact is limited to service availability degradation or crashes.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from Microsoft and consider applying any recommended workarounds or mitigations once available.
Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains
Description
CVE-2026-42304 is a denial of service (DoS) vulnerability in the twisted. names module of the python-twisted library. It involves crafted DNS compression pointer chains that can cause resource exhaustion or service disruption. The vulnerability affects Microsoft products including Azure Linux 3. 0 and python-twisted version 3. 0. No CVSS score or detailed vendor advisory is currently available, and no known exploits are reported in the wild. Patch status is not confirmed, and no official fix or mitigation guidance has been provided by Microsoft at this time.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in the twisted.names DNS module allows an attacker to trigger a denial of service by sending specially crafted DNS responses containing malicious compression pointer chains. These crafted inputs can cause excessive resource consumption or crashes in affected versions of python-twisted, including those used in Microsoft Azure Linux 3.0 environments. The issue is categorized under CWE-400 (Uncontrolled Resource Consumption). No CVSS score or patch information is currently available from the Microsoft Security Response Center.
Potential Impact
Successful exploitation of this vulnerability could lead to denial of service conditions in applications or services using the affected twisted.names module, potentially disrupting DNS resolution functionality. There are no reports of active exploitation in the wild. The impact is limited to service availability degradation or crashes.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. Until an official fix is released, users should monitor for updates from Microsoft and consider applying any recommended workarounds or mitigations once available.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2026-42304
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1ca15de29bf47b505e22a4
Added to database: 5/31/2026, 9:00:13 PM
Last enriched: 5/31/2026, 9:03:26 PM
Last updated: 6/2/2026, 4:58:13 AM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.