PT-2019-14830 · Excon+1

Geemus · Published 2019-12-16 · Updated 2021-11-05 · CVE-2019-16779

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: excon versions prior to 0.71.0

Description: The issue is a race condition around persistent connections in excon. An interrupted connection, for example one cut off by a timeout, would leave data on the socket. Subsequent requests would then read this data, returning content from the previous response. The race condition window appears to be short, making it difficult to purposefully exploit.

Recommendations: For versions prior to 0.71.0, upgrade to version 0.71.0 or a newer version if available. As a temporary workaround, consider disabling persistent connections to minimize the risk of exploitation, though this may affect performance.
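To find projects that still resolve to an affected release, the following added example (not part of the advisory or of excon itself) scans the text of a `Gemfile.lock` for resolved excon versions below 0.71.0. The helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems"

# First excon release containing the fix, per the advisory above.
FIXED_VERSION = Gem::Version.new("0.71.0")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      excon (0.62.0)
      fog-core (2.1.0)
        excon (~> 0.58)

  DEPENDENCIES
    fog-core
LOCK

# Return every excon version resolved in a Gemfile.lock.
# Resolved gems appear under "specs:" indented exactly four spaces as
# "name (version)"; six-space lines are dependency constraints and are skipped.
def excon_versions(lockfile_text)
  versions = lockfile_text.each_line.map do |line|
    m = line.match(/\A {4}excon \(([^)\s]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[1])
    Gem::Version.new(m[1])
  end
  versions.compact.uniq
end

# Versions that fall in the affected range (prior to 0.71.0).
def vulnerable_excon_versions(lockfile_text)
  excon_versions(lockfile_text).select { |v| v < FIXED_VERSION }
end

# Scan lockfiles given on the command line, or the constructed sample.
inputs = ARGV.empty? ? { "(sample)" => SAMPLE_LOCK } : ARGV.to_h { |p| [p, File.read(p)] }
inputs.each do |name, text|
  bad = vulnerable_excon_versions(text)
  status = bad.empty? ? "ok" : "affected excon #{bad.join(', ')}; upgrade to >= #{FIXED_VERSION}"
  puts "#{name}: #{status}"
end
```
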

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2019-16779
DLA-2070-1
GHSA-Q58G-455P-8VW9
OESA-2021-1420
OPENSUSE-SU-2020:0036-1
OPENSUSE-SU-2020:0139-1
OPENSUSE-SU-2020_0036-1
SUSE-SU-2020:2053-1
SUSE-SU-2020_2053-1

Affected Products

Suse
Excon