Description

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.

INFO

Published Date :

2024-10-29T14:18:40.951Z

Last Modified :

2024-11-17T00:11:26.954Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-49769 vulnerability.

Vendors Products
Agendaless
  • Waitress
Pylons
  • Waitress
Redhat
  • Openshift Ironic
  • Openstack
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-49769.

URL Resource
https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c cve-icon cve-icon cve-icon
https://github.com/Pylons/waitress/issues/418 cve-icon cve-icon cve-icon
https://github.com/Pylons/waitress/pull/435 cve-icon cve-icon cve-icon
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6 cve-icon cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2024/11/msg00012.html cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-49769 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-49769 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact