
CVE-2022-31015

Published: 31/05/2022 Updated: 14/06/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.
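The failure mode and the 2.1.2 fix described above, as an added example: a simplified model that is not Waitress's own code. The socket pair, the `pending_close` hand-off list and both function names are assumptions made for illustration, and the worker is joined before `select()` so the race always resolves the bad way.

```python
import select
import socket
import threading


def worker_closes_socket():
    """Pre-fix pattern: the worker thread closes the socket itself."""
    client, peer = socket.socketpair()
    watched = [client, peer]  # sockets the main loop passes to select()
    worker = threading.Thread(target=client.close)
    worker.start()
    worker.join()  # joined here so the race always resolves the bad way
    try:
        select.select(watched, [], [], 0)  # main thread, unaware of the close
        return "ok"
    except (ValueError, OSError) as exc:  # unhandled in a real loop: process dies
        return type(exc).__name__
    finally:
        peer.close()


def close_delegated_to_main():
    """Post-fix pattern: the worker only requests the close."""
    client, peer = socket.socketpair()
    watched = [client, peer]
    pending_close = []  # hypothetical hand-off list, guarded by a lock
    lock = threading.Lock()

    def worker():
        with lock:
            pending_close.append(client)

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    with lock:  # main thread drops and closes sockets before select()
        for sock in pending_close:
            watched.remove(sock)
            sock.close()
        pending_close.clear()
    try:
        select.select(watched, [], [], 0)
        return "ok"
    finally:
        peer.close()


if __name__ == "__main__":
    print(worker_closes_socket(), close_delegated_to_main())
```
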

Vulnerable Product

agendaless waitress

Vendor Advisories

Debian Bug report logs - #1012315 waitress: CVE-2022-31015. Package: src:waitress; Maintainer for src:waitress is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 3 Jun 2022 19:21:02 UTC; Severity: important; Tags: security, upstream; Found in version ...
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has ...