CVE-2010-3495

Published: Oct 19, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

Affected (28)

Products: Zope: Zodb

1 product

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Zope Zodb	Up to 3.9.7
Zope Zodb	Version 2.10.9
Zope Zodb	Version 2.11.4
Zope Zodb	Version 2.8.11
Zope Zodb	Version 2.9.11
Zope Zodb	Version 3.1.1
Zope Zodb	Version 3.1
Zope Zodb	Version 3.2.4
Zope Zodb	Version 3.2
Zope Zodb	Version 3.3.3
Zope Zodb	Version 3.3
Zope Zodb	Version 3.4.1
Zope Zodb	Version 3.4
Zope Zodb	Version 3.5
Zope Zodb	Version 3.6
Zope Zodb	Version 3.7
Zope Zodb	Version 3.8.0
Zope Zodb	Version 3.8.1
Zope Zodb	Version 3.8.2
Zope Zodb	Version 3.8.6
Zope Zodb	Version 3.8
Zope Zodb	Version 3.9.0
Zope Zodb	Version 3.9.0b1
Zope Zodb	Version 3.9.0b2
Zope Zodb	Version 3.9.0b3
Zope Zodb	Version 3.9.0b4
Zope Zodb	Version 3.9.0b5
Zope Zodb	Version 3.9.0c1

Related CWEs

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (18)

http://bugs.python.org/issue6706

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Source: cve@mitre.org

http://pypi.python.org/pypi/ZODB3/3.10.0#id1

Source: cve@mitre.org

http://secunia.com/advisories/41755

Source: cve@mitre.org

Vendor Advisory

http://www.openwall.com/lists/oss-security/2010/09/09/6

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2010/09/11/2

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2010/09/22/3

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2010/09/24/3

Source: cve@mitre.org

https://bugs.launchpad.net/zodb/+bug/135108

Source: cve@mitre.org

http://bugs.python.org/issue6706

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://pypi.python.org/pypi/ZODB3/3.10.0#id1

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/41755

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.openwall.com/lists/oss-security/2010/09/09/6

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/09/11/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/09/22/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2010/09/24/3

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/zodb/+bug/135108

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.