Bug 2322460 (CVE-2024-49768) - CVE-2024-49768 waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request
Keywords:
Status: NEW
Alias: CVE-2024-49768
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2322493 2322494 2322488 2322489 2322490 2322491 2322492 2322495 2322496 2324285 2332106
Blocks:
Reported: 2024-10-29 15:01 UTC by OSIDB Bzimport
Modified: 2025-02-13 00:44 UTC (History)
CC List: 20 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2025:1373 0 None None None 2025-02-13 00:17:35 UTC
Red Hat Product Errata RHBA-2025:1376 0 None None None 2025-02-13 00:44:50 UTC
Red Hat Product Errata RHSA-2024:10145 0 None None None 2024-11-26 11:22:49 UTC
Red Hat Product Errata RHSA-2024:10535 0 None None None 2024-12-05 02:22:19 UTC
Red Hat Product Errata RHSA-2024:10815 0 None None None 2024-12-12 02:22:57 UTC
Red Hat Product Errata RHSA-2024:9613 0 None None None 2024-11-19 08:48:52 UTC
Red Hat Product Errata RHSA-2024:9618 0 None None None 2024-11-20 00:54:36 UTC
Red Hat Product Errata RHSA-2024:9623 0 None None None 2024-11-20 04:25:14 UTC
Red Hat Product Errata RHSA-2025:0201 0 None None None 2025-01-09 14:56:17 UTC
Red Hat Product Errata RHSA-2025:1191 0 None None None 2025-02-10 01:05:00 UTC
Red Hat Product Errata RHSA-2025:1192 0 None None None 2025-02-10 01:05:08 UTC

Description OSIDB Bzimport 2024-10-29 15:01:56 UTC
Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default), we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However, when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request, and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead; this is set to 0 by default, disabling this feature.
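The description gives a defender two facts to act on: the race needs channel_request_lookahead > 0 (the default is 0) and is fixed in Waitress 3.0.1. The following is an added example, not Waitress's own code or anything from the bug record, that turns those facts into a configuration check. It assumes the server is configured through a PasteDeploy-style INI file with a [server:main] section (an assumed layout, not stated on this page) and that the installed version is read from package metadata; the sample INI is constructed.

```python
"""Check a Waitress deployment for the CVE-2024-49768 exposure described above.

Added example; not part of Waitress or of this bug record. Assumptions (not
from the page): configuration lives in a PasteDeploy-style INI file with a
[server:main] section, and the installed version comes from package metadata.
Facts taken from the description: the race requires channel_request_lookahead
> 0 (default 0) and is fixed in Waitress 3.0.1.
"""
import configparser
import io
import re

FIXED_VERSION = (3, 0, 1)            # first fixed release, per the description
SETTING = "channel_request_lookahead"  # the adjustment the workaround disables

# Constructed sample configuration: lookahead is enabled, which is the risky setting.
SAMPLE_INI = """\
[server:main]
use = egg:waitress#main
listen = 127.0.0.1:8080
recv_bytes = 8192
channel_request_lookahead = 5
"""


def parse_version(text):
    """Turn '3.0.1', '2.1.2' or '3.0' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def load_lookahead(ini_text):
    """Return the configured channel_request_lookahead; 0 (the Waitress default) if unset."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    if not cp.has_section("server:main"):
        return 0
    return cp.getint("server:main", SETTING, fallback=0)


def assess(version_text, lookahead):
    """Classify exposure as 'fixed', 'not-exposed' or 'vulnerable'."""
    if parse_version(version_text) >= FIXED_VERSION:
        return "fixed"        # 3.0.1 and later fix the race regardless of lookahead
    if lookahead <= 0:
        return "not-exposed"  # lookahead disabled: the connection is closed on the parse error
    return "vulnerable"       # pre-3.0.1 with lookahead enabled: pipelined request can be serviced


def hardened(ini_text):
    """Apply the workaround from the description: set channel_request_lookahead back to 0."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    if not cp.has_section("server:main"):
        cp.add_section("server:main")
    cp.set("server:main", SETTING, "0")
    out = io.StringIO()
    cp.write(out)
    return out.getvalue()


def installed_waitress_version():
    """Read the installed Waitress version from package metadata, or None if absent."""
    try:
        from importlib.metadata import version
        return version("waitress")
    except Exception:  # package not installed or metadata unavailable
        return None


if __name__ == "__main__":
    # Fall back to a constructed pre-fix version so the script runs without Waitress installed.
    ver = installed_waitress_version() or "3.0.0"
    look = load_lookahead(SAMPLE_INI)
    print(f"waitress {ver}, {SETTING}={look}: {assess(ver, look)}")
    print("hardened config:\n" + hardened(SAMPLE_INI))
```

The check treats a fixed version as sufficient on its own and otherwise falls back to the workaround condition, which is the same precedence the description gives: upgrade to 3.0.1, or keep channel_request_lookahead at 0 until you can.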

Comment 1 errata-xmlrpc 2024-11-19 08:48:50 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.17

Via RHSA-2024:9613 https://access.redhat.com/errata/RHSA-2024:9613

Comment 2 errata-xmlrpc 2024-11-20 00:54:34 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.16

Via RHSA-2024:9618 https://access.redhat.com/errata/RHSA-2024:9618

Comment 3 errata-xmlrpc 2024-11-20 04:25:12 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.14

Via RHSA-2024:9623 https://access.redhat.com/errata/RHSA-2024:9623

Comment 4 errata-xmlrpc 2024-11-26 11:22:47 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.15

Via RHSA-2024:10145 https://access.redhat.com/errata/RHSA-2024:10145

Comment 5 errata-xmlrpc 2024-12-05 02:22:17 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.12
  Ironic content for Red Hat OpenShift Container Platform 4.12

Via RHSA-2024:10535 https://access.redhat.com/errata/RHSA-2024:10535

Comment 6 errata-xmlrpc 2024-12-12 02:22:55 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.13
  Ironic content for Red Hat OpenShift Container Platform 4.13

Via RHSA-2024:10815 https://access.redhat.com/errata/RHSA-2024:10815

Comment 7 errata-xmlrpc 2025-01-09 14:56:15 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 16.2

Via RHSA-2025:0201 https://access.redhat.com/errata/RHSA-2025:0201

Comment 8 errata-xmlrpc 2025-02-10 01:04:59 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 9

Via RHSA-2025:1191 https://access.redhat.com/errata/RHSA-2025:1191

Comment 9 errata-xmlrpc 2025-02-10 01:05:07 UTC
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.1 for RHEL 8

Via RHSA-2025:1192 https://access.redhat.com/errata/RHSA-2025:1192
