CVE-2010-3492: Race Condition in Python

CWE-362 Race Condition | 19 documents | 7 sources
Severity: 5.0 MEDIUM (NVD)
NVD 4.3
EPSS: 1.4% (top 19.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 19
Latest update: May 17

Description

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (6 packages)

NVD | python/python | 3.0, 3.1.2, +3
Debian | debian/python2.7 | < python2.7 2.7.8-11 (bullseye)
Debian | debian/python-pyftpdlib | < python-pyftpdlib 0.5.2-1 (bookworm)
PyPI | g.rodola/pyftpdlib | < 0.5.2
NVD | zope/zodb | 3.9.7, +27

Patches

🔴 Vulnerability Details (9)

OSV: Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib (2022-05-17)
GHSA: Concurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib (2022-05-17)
GHSA: Zope Object Database Denial of Service vulnerability (2022-05-17)
OSV: Zope Object Database Denial of Service vulnerability (2022-05-17)
GHSA: GHSA-795r-vggr-7g7x: The asyncore module in Python before 3 (2022-05-13)

📋 Vendor Advisories (4)

Red Hat: python accept() implementation in async core is broken (2010-09-09)
Red Hat: Python: SMTP proxy RFC 2821 module DoS (uncaught exception) (Issue #9129) (2010-06-30)
Debian: CVE-2010-3492: python2.7 - The asyncore module in Python before 3.2 does not properly handle unsuccessful c... (2010)
Debian: CVE-2010-3494: python-pyftpdlib - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2... (2010)

💬 Community (2)

Bugzilla: CVE-2010-3494 pyftpdlib: Race condition in the FTPHandler class in ftpserver.py (2010-10-24)
Bugzilla: CVE-2010-3492 python accept() implementation in async core is broken (2010-09-28)