CVE-2010-3495Race Condition in Zodb

CWE-362Race Condition4 documents3 sources
Severity
4.3MEDIUMNVD
GHSA5.0OSV5.0
EPSS
1.0%
top 22.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zope Zodb
Timeline
PublishedOct 19
Latest updateMay 17

Description

Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDzope/zodb3.9.7+27

Patches

Patch: bugs.python.orgPatch: bugs.python.org

🔴Vulnerability Details

3
GHSA
Zope Object Database Denial of Service vulnerability2022-05-17
OSV
Zope Object Database Denial of Service vulnerability2022-05-17
OSV
CVE-2010-3495: Race condition in ZEO/StorageServer2010-10-19