CVE-2022-31015

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
GitHub_MCNA
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
agendalesswaitress
2.1.0 ≤
𝑥
< 2.1.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
waitress
bullseye (security)
1.4.4-1.1+deb11u1
fixed
bullseye
1.4.4-1.1+deb11u1
not-affected
buster
not-affected
stretch
not-affected
bookworm
2.1.2-2
fixed
sid
3.0.1-1
fixed
trixie
3.0.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
waitress
kinetic
Fixed 2.1.1-2ubuntu1
released
jammy
not-affected
impish
ignored
focal
not-affected
bionic
not-affected
xenial
not-affected
Common Weakness Enumeration
References
https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48
https://github.com/Pylons/waitress/issues/374
https://github.com/Pylons/waitress/pull/377
https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw
https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48
https://github.com/Pylons/waitress/issues/374
https://github.com/Pylons/waitress/pull/377
https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw