PT-2019-14830 · Excon+1 · Excon+1

Geemus · Published 2019-12-16 · Updated 2021-11-05 · CVE-2019-16779

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
excon versions prior to 0.71.0

Description
The issue is a race condition around persistent connections in excon: a connection that is interrupted, for example by a timeout, leaves data on the socket. Subsequent requests then read this data, returning content from the previous response. The race condition window appears to be short, making it difficult to exploit purposefully.

Recommendations
For versions prior to 0.71.0, upgrade to version 0.71.0 or a newer version if available. As a temporary workaround, consider disabling persistent connections to minimize the risk of exploitation, though this may affect performance.
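
The failure mode described above, reproduced as an added example in a simplified model (this is not excon's code and not part of the original advisory). `ToyClient`, `answer`, `second_response` and the `/first` and `/second` paths are constructed for illustration; dropping the socket after an interrupted read stands in for not reusing the connection, as the workaround of disabling persistent connections would.

```ruby
require 'socket'
require 'timeout'

# Toy keep-alive client (hypothetical; not excon's implementation).
class ToyClient
  attr_reader :peer # server end of the socket pair, driven by the scenario

  def initialize(reuse_after_error:)
    @reuse_after_error = reuse_after_error
    connect
  end

  def connect
    @sock, @peer = UNIXSocket.pair
  end

  def send_request(path)
    @sock.puts("GET #{path}")
  end

  def read_response(wait = 0.05)
    return @sock.gets.chomp if IO.select([@sock], nil, nil, wait)
    # Interrupted read: the reply may still arrive on this socket later.
    unless @reuse_after_error
      @sock.close
      connect
    end
    raise Timeout::Error, 'read timed out'
  end
end

# Constructed server side: answer one queued request on the given socket.
def answer(peer)
  path = peer.gets.to_s.split.last
  peer.puts("body of #{path}")
rescue SystemCallError, IOError
  nil # the client already dropped this connection
end

# Returns what the caller receives for the request made after a timeout.
def second_response(reuse_after_error:)
  client = ToyClient.new(reuse_after_error: reuse_after_error)
  slow_peer = client.peer
  client.send_request('/first')
  begin
    client.read_response # server has not answered yet, so this times out
  rescue Timeout::Error
    # the caller moves on to its next request
  end
  answer(slow_peer) # late reply to /first
  client.send_request('/second')
  answer(client.peer)
  client.read_response
end
```

With `reuse_after_error: true` the caller of `/second` receives the body of `/first`; with `false` the late reply is lost along with the discarded socket and the caller receives the body of `/second`.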

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2019-16779
DLA-2070-1
GHSA-Q58G-455P-8VW9
OESA-2021-1420
OPENSUSE-SU-2020:0036-1
OPENSUSE-SU-2020:0139-1
OPENSUSE-SU-2020_0036-1
SUSE-SU-2020:2053-1
SUSE-SU-2020_2053-1

Affected Products

Suse
Excon