CVE-2010-3495
Zope Object Database Denial of Service vulnerability
EPSS 1.0%
Description
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
How to fix CVE-2010-3495
To remediate CVE-2010-3495, upgrade the affected package to one of the fixed versions listed below.
- PyPI/zodb3—upgrade to 3.10.0a2 or later
- —upgrade to 3.10.0a1 or later
Is CVE-2010-3495 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.10.0a2
- from 0, < 3.10.0a1