
CVE-2022-31015: Uncaught Exception (due to a data race) leads to process termination in Waitress

CVSS Score (v3.1): 6.5

Basic Information

EPSS Score: 0.62441%
Published: 6/2/2022
Updated: 11/19/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| waitress | pip | >= 2.1.0, < 2.1.2 | 2.1.2 |

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stemmed from improper synchronization around socket closure. The key changes in the fix: (1) a 'do_close' parameter was added to send() so that worker threads no longer close sockets directly; (2) the flushing functions were modified to pass do_close=False when called from worker threads. The original send() implementation in wasyncore.py and its caller _flush_some() in channel.py formed the vulnerable path: a WSGI worker thread could close a socket while the main thread was in select(), causing an unhandled exception. The commit's focus on these functions and the race condition description confirm their central role.
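To make the fixed design concrete, here is a constructed Python model, added here and not waitress's own code, of a select() loop in which only the main thread closes sockets while a worker thread flushes output and merely flags the channel for closure. Channel, flush_from_worker, main_loop_once and demo are hypothetical names; do_close mirrors the parameter the fix adds to send().

```python
import select
import socket
import threading
class Channel:
    """Constructed model (not waitress's code): only the main thread, which owns select(), closes sockets."""
    def __init__(self, sock):
        self.sock, self.outbuf, self.close_when_done = sock, bytearray(), False

    def send(self, data, do_close=True):
        # Hypothetical do_close: workers pass False so a write error never closes
        # the fd while the main thread may be blocked in select() on it.
        try:
            return self.sock.send(data)
        except OSError:
            if do_close:
                self.sock.close()  # only safe on the main thread
            else:
                self.close_when_done = True  # defer the close to the main thread
            return 0

    def flush_from_worker(self):
        # Worker-thread path: drain output, then flag the channel instead of closing.
        while self.outbuf:
            n = self.send(bytes(self.outbuf), do_close=False)
            if n == 0:
                break
            del self.outbuf[:n]
        self.close_when_done = True

def main_loop_once(channels, timeout=0.05):
    # One main-thread iteration: select over open fds, then close flagged channels.
    live = [c for c in channels if c.sock.fileno() != -1]
    select.select([c.sock for c in live], [], [], timeout)
    closed = 0
    for c in live:
        if c.close_when_done:
            c.sock.close()
            closed += 1
    return closed  # number of sockets closed, always by the main thread

def demo():
    a, b = socket.socketpair()  # constructed stand-in for a client connection
    ch = Channel(a)
    ch.outbuf += b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"
    t = threading.Thread(target=ch.flush_from_worker)
    t.start(); t.join()
    open_after_worker = ch.sock.fileno() != -1  # worker left the fd open
    closed = main_loop_once([ch])
    b.close()
    return open_after_worker, ch.close_when_done, closed, ch.sock.fileno() == -1
```

demo() returns (True, True, 1, True): the worker leaves the descriptor open and sets the flag, and the main thread closes it after its select() call returns.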


Impact

Waitress may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed.
