First published: Tue Nov 19 2024
It was discovered that Waitress could process follow-up requests when receiving a specially crafted message. An attacker could use this issue to have the server process inconsistent client requests. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-49768)

Dylan Jay discovered that Waitress could be led to write to a nonexistent socket after closing the remote connection. An attacker could use this issue to increase resource utilization, leading to a denial of service. (CVE-2024-49769)

Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/python3-waitress | =24.10 | <3.0.0-1ubuntu0.1 | 3.0.0-1ubuntu0.1 |
ubuntu/python3-waitress | =24.04 | <2.1.2-2ubuntu0.1~esm1 | 2.1.2-2ubuntu0.1~esm1 |
ubuntu/python3-waitress | =22.04 | <1.4.4-1.1ubuntu1.1 | 1.4.4-1.1ubuntu1.1 |
ubuntu/python3-waitress | =20.04 | <1.4.1-1ubuntu0.2 | 1.4.1-1ubuntu0.2 |