CVE-2022-31015: Uncaught Exception (due to a data race) leads to process termination in Waitress
6.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.62441%
CWE
Published
6/2/2022
Updated
11/19/2024
KEV Status
No
Technology
Python
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
waitress | pip | >= 2.1.0, < 2.1.2 | 2.1.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stemmed from improper synchronization around socket closure. The key changes in the fix:- 1) Added 'do_close' parameter to send() to prevent worker threads from closing sockets directly 2) Modified flushing functions to pass do_close=False when called from worker threads. The original send() implementation in wasyncore.py and its caller _flush_some() in channel.py formed the vulnerable path where a WSGI thread could close a socket while main thread was in select(), causing unhandled exceptions. The commit's focus on these functions and the race condition description confirm their central role.