FKIE_CVE-2010-3495

Vulnerability from fkie_nvd - Published: 2010-10-19 20:00 - Updated: 2025-04-11 00:51
Summary
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
Impacted products
Vendor Product Version
zope zodb *
zope zodb 2.8.11
zope zodb 2.9.11
zope zodb 2.10.9
zope zodb 2.11.4
zope zodb 3.1
zope zodb 3.1.1
zope zodb 3.2
zope zodb 3.2.4
zope zodb 3.3
zope zodb 3.3.3
zope zodb 3.4
zope zodb 3.4.1
zope zodb 3.5
zope zodb 3.6
zope zodb 3.7
zope zodb 3.8
zope zodb 3.8.0
zope zodb 3.8.1
zope zodb 3.8.2
zope zodb 3.8.6
zope zodb 3.9.0
zope zodb 3.9.0b1
zope zodb 3.9.0b2
zope zodb 3.9.0b3
zope zodb 3.9.0b4
zope zodb 3.9.0b5
zope zodb 3.9.0c1

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF56B793-E691-4C30-BACE-9CE96CDEEB5A",
              "versionEndIncluding": "3.9.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC8B7904-4F44-4641-9275-D995ADDA0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E70191DA-A946-495D-A2CA-5DA5735B116F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB7982D-2F76-4237-8BBB-A4E5ADE1D497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A461879-EF34-4817-8EBB-1FE7A73E03C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BF6448E-3BD4-4A3D-9D58-C39928F4FB93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0CB7404-734F-4838-AAEE-A5D5E987EBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64DF8BD4-31DC-44A5-944C-AA9AE57CBB9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D3CB7CF-91FC-4B7F-BD38-2F5033C70B99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05A4183-CCE7-4BE2-B8E5-10FC33ABDEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "02371BD4-F40F-4AA7-9214-E9FFCA80138C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B59CB22D-604D-4D9D-B7A4-E42026C7F3FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35B0E78-B0E7-41F2-B776-B7B4AE937350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8B6C5C0-E10B-437D-BF3C-0847B78EFDAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EF771A-6AE9-4006-A273-5B04B3EAADDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C38116E1-459C-45A7-A995-20C8ABDCCF65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF49B253-411F-4E83-93B3-556783B73965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8568BD1E-839A-4C78-840D-47807D207C6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "552E429F-964F-4BF8-B974-C4C59EA7871F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "204FA56B-576D-4274-B17C-6AC4FC1EB58B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD0363F4-9D00-4CE2-8984-25A004F1B6D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5CCCAA-83AD-4CD6-B7FD-46809B786395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F38F2B2-E061-4D77-9A88-1C432F31FAFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA88DF5-7A25-4187-8B9D-567B0279FEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFE0BF9-0AC2-4461-BAAE-BDE91A830788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF8EA11C-98BD-419F-9817-4071B287F87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "283DC1FE-6F98-4FFA-A17F-6277AB9815C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zope:zodb:3.9.0c1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A991E3D-03E9-4B2F-90FB-0B308D142B20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492."
    },
    {
      "lang": "es",
      "value": "Condici\u00f3n de carrera en ZEO/StorageServer.py en Zope Object Database (ZODB) antes de v3.10.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (parada programada del demonio) mediante el establecimiento e inmediatamente el cierre de una conexi\u00f3n TCP, lo que lleva a que la funci\u00f3n \u0027accept\u0027 tenga un valor de retorno de \u0027None\u0027, un valor inesperado de \u0027None\u0027 para la direcci\u00f3n, o un error ECONNABORTED, EAGAIN o EWOULDBLOCK. Se trata de un problema relacionado con CVE-2010-3492."
    }
  ],
  "id": "CVE-2010-3495",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-19T20:00:04.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.python.org/issue6706"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://pypi.python.org/pypi/ZODB3/3.10.0#id1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41755"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/zodb/+bug/135108"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.python.org/issue6706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://pypi.python.org/pypi/ZODB3/3.10.0#id1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/zodb/+bug/135108"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

