Description
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress does not correctly clean up the connection. The main thread then attempts to write to a socket that no longer exists, but does not remove it from the list of sockets to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.
| Release | Status | Note |
|---|---|---|
| devel | not-affected | 3.0.1-1 |
| esm-apps/noble | released | 2.1.2-2ubuntu0.1~esm1 |
| esm-infra/bionic | ignored | fix would unavoidably negatively impact other packages |
| esm-infra/focal | released | 1.4.1-1ubuntu0.2 |
| esm-infra/xenial | ignored | fix would unavoidably negatively impact other packages |
| focal | released | 1.4.1-1ubuntu0.2 |
| jammy | released | 1.4.4-1.1ubuntu1.1 |
| noble | needed | |
| oracular | released | 3.0.0-1ubuntu0.1 |
| plucky | not-affected | 3.0.1-1 |
CVSS3: 7.5 High