6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31015

GHSA ID

GHSA-f5x9-8jwc-25rw

EPSS Score

0.62441%

CWE

CWE-248

Published

6/2/2022

Updated

11/19/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-31015

CVE-2022-31015: Uncaught Exception (due to a data race) leads to process termination in Waitress

Impact

Waitress may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed.

Patches

This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket, instead it is always delegated to the main thread.

Workarounds

There is no work-around, however users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.

For more information

If you have any questions or comments about this advisory:

Open an issue in https://github.com/Pylons/waitress/issues (if not sensitive or security related)
email the Pylons Security mailing list: pylons-project-security@googlegroups.com (if security related)

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-31015

GHSA ID

GHSA-f5x9-8jwc-25rw

EPSS Score

0.62441%

CWE

CWE-248

Published

6/2/2022

Updated

11/19/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
waitress	pip	>= 2.1.0, < 2.1.2	2.1.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper synchronization around socket closure. The key changes in the fix:- 1) Added 'do_close' parameter to send() to prevent worker threads from closing sockets directly 2) Modified flushing functions to pass do_close=False when called from worker threads. The original send() implementation in wasyncore.py and its caller _flush_some() in channel.py formed the vulnerable path where a WSGI thread could close a socket while main thread was in select(), causing unhandled exceptions. The commit's focus on these functions and the race condition description confirm their central role.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t W*itr*ss m*y t*rmin*t* **rly *u* to * t*r*** *losin* * so*k*t w*il* t** m*in t*r*** is **out to **ll s*l**t(). T*is will l*** to t** m*in t*r*** r*isin* *n *x**ption t**t is not **n*l** *n* t**n **usin* t** *ntir* *ppli**tion to ** kill**

Reasoning

T** vuln*r**ility st*mm** *rom improp*r syn**roniz*tion *roun* so*k*t *losur*. T** k*y ***n**s in t** *ix:- *) ***** '*o_*los*' p*r*m*t*r to s*n*() to pr*v*nt work*r t*r***s *rom *losin* so*k*ts *ir**tly *) Mo*i*i** *lus*in* *un*tions to p*ss *o_*los

6.5

Basic Information

Concerned about an active attack path?

CVE-2022-31015: Uncaught Exception (due to a data race) leads to process termination in Waitress

Impact

Patches

Workarounds

For more information

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI