GHSA-3f84-rpwh-47g6

GitHub Security Advisory

Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion

GitHub Reviewed · Severity: HIGH · Has CVE

Advisory Details

### Impact

When a remote client closes the connection before waitress has had the opportunity to call `getpeername()`, waitress does not correctly clean up the connection. The main thread then attempts to write to a socket that no longer exists, but the socket is never removed from the list of sockets to process, so the write function is called in a busy loop.

A remote attacker could exhaust waitress's available sockets with very few resources.
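The following simulation is an added illustration of the failure mode described above, not waitress's code: a dispatcher keeps a map of accepted sockets keyed by file descriptor, and the `DeadPeerSocket` stand-in, `register_channel`, `flush_pass` and `simulate` are constructed for this example. It shows why a socket whose `getpeername()` call fails must be closed and dropped from the map rather than left for the write loop to spin on.

```python
import errno

class DeadPeerSocket:
    """Constructed stand-in for a socket whose client disconnected right after
    accept(): the peer lookup and every write fail as on a reset TCP connection."""
    def __init__(self, fd):
        self._fd = fd
        self.closed = False
    def fileno(self):
        return self._fd
    def getpeername(self):
        raise OSError(errno.ENOTCONN, "Transport endpoint is not connected")
    def send(self, data):
        raise OSError(errno.EPIPE, "Broken pipe")
    def close(self):
        self.closed = True

def register_channel(sock, socket_map, cleanup_on_failure):
    """Register an accepted socket, then look up its peer. cleanup_on_failure=False
    leaves a socket in the map after getpeername() fails (the advisory's bug);
    True closes it and removes it again (the fixed behaviour)."""
    socket_map[sock.fileno()] = sock
    try:
        return sock.getpeername()
    except OSError:
        if cleanup_on_failure:
            del socket_map[sock.fileno()]
            sock.close()
        return None

def flush_pass(socket_map, max_iterations):
    """Model of the main thread's write loop: service registered sockets until none
    remain. A dead socket that is never removed makes it spin, so attempts are capped."""
    attempts = 0
    while socket_map and attempts < max_iterations:
        for sock in list(socket_map.values()):
            attempts += 1
            try:
                sock.send(b"HTTP/1.1 200 OK\r\n\r\n")
            except OSError:
                pass  # the write failed, yet nothing removes the socket from the map
    return attempts

def simulate(cleanup_on_failure, max_iterations=1000):
    """Accept one already-dead connection, run the write loop, return the attempt count."""
    socket_map = {}
    register_channel(DeadPeerSocket(fd=7), socket_map, cleanup_on_failure)
    return flush_pass(socket_map, max_iterations)
```

With cleanup disabled the loop runs until the cap (all CPU, no progress); with cleanup enabled the dead socket is gone before the first write attempt.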

### Patches

Waitress 3.0.1 contains fixes that remove the race condition.

### Workarounds

No workaround is available.

### References

- https://github.com/Pylons/waitress/issues/418
- https://github.com/Pylons/waitress/pull/435

Affected Packages

PyPI waitress
Affected versions: 0 (fixed in 3.0.1)

Key Information

GHSA ID: GHSA-3f84-rpwh-47g6
Published: October 29, 2024 2:33 PM
Last Modified: January 21, 2025 5:53 PM
CVSS Score: 7.5 / 10
Primary Ecosystem: PyPI
Primary Package: waitress
GitHub Reviewed: Yes

Dataset

Last updated: September 9, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.