How severe is CVE-2024-49769?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-49769?

This is classified as CWE-772, which is a common weakness in software security.

CVE-2024-49769 - HIGH Severity | CVSS 7.5

Vulnerability Description

Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.

Related Vulnerabilities

CVE-1999-1127

HIGH

CVSS:7.5(High)

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing m...

CWE-7721999

CVE-2001-0830

HIGH

CVSS:7.5(High)

6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to a...

CWE-7722001

CVE-2007-0897

HIGH

CVSS:7.5(High)

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scan...

CWE-7722007

CVE-2007-4103

HIGH

CVSS:7.5(High)

The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows ...

CWE-7722007

CVE-2008-2122

HIGH

CVSS:7.5(High)

IBM Rational Build Forge 7.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a port scan, which spawns multiple bfagent server processes that attempt to read data from clo...

CWE-7722008

CVE-2010-4657

HIGH

CVSS:7.5(High)

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

CWE-7722010