HIGH🇬🇧 English

CVE-2024-49769

CVSS 7.5v3.1pub. 2024-10-29upd. 2024-11-21

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Agendaless Waitress

    APP
    Agendaless
    < 3.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Race Condition
CWE
Referencje

Powiązane podatności

CVE-2024-49768CRITICAL9.1PL ✓ten sam produkt

Race condition w Waitress umożliwia obsługę żądań po zamknięciu połączenia

CVE-2022-24761HIGH7.5ten sam produkt

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and p...

CVE-2019-16792HIGH7.1ten sam produkt

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress w...

CVE-2019-16789HIGH7.1ten sam produkt

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be s...

CVE-2019-16785HIGH7.1ten sam produkt

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line termin...