Hi Dustin,

This exploit appears to be specific to how received data is written to the already existing buffer, so the _into forms of recv,recvfrom. Even if we assume there's a parallel export for regular recv_into and not just recvfrom_into (which hasn't been shown), Twisted never calls either of the _into forms.

As a result, it looks like we're unaffected.