How severe is CVE-2022-31015?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2022-31015?

This is classified as CWE-248, which is a common weakness in software security.

CVE-2022-31015 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.

Related Vulnerabilities

CVE-2019-6830

MEDIUM

CVSS:5.9(Medium)

A CWE-248: Uncaught Exception vulnerability exists IN Modicon M580 all versions prior to V2.80, which could cause a possible denial of service when sending an appropriately timed HTTP request to the c...

CWE-2482019

CVE-2024-20048

MEDIUM

CVSS:6.2(Medium)

In flashc, there is a possible information disclosure due to an uncaught exception. This could lead to local information disclosure with System execution privileges needed. User interaction is not nee...

CWE-2482024

CVE-2024-42037

MEDIUM

CVSS:6.2(Medium)

Vulnerability of uncaught exceptions in the Graphics module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CWE-2482024

CVE-2019-10917

MEDIUM

CVSS:5.5(Medium)

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with ...

CWE-2482019

CVE-2021-32694

MEDIUM

CVSS:5.5(Medium)

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught ...

CWE-2482021

CVE-2022-1975

MEDIUM

CVSS:5.5(Medium)

There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.

CWE-2482022