CVE-2010-3495: Zope Object Database Denial of Service vulnerability
CVSS Score: N/A
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.76603%
CWE
Published: 5/17/2022
Updated: 11/19/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: -
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
zodb3 | pip | < 3.10.0a2 | 3.10.0a2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper error handling in the TCP connection acceptance process. The commit diff shows that the patched version adds try/except blocks and socket cleanup in handle_accept. Multiple sources (the CVE description, Python bug 6706, ZODB bug 135108) confirm that the root cause was unhandled edge cases in the accept() implementation. The fix directly modified the StorageServer's connection handling in ZEO/zrpc/server.py, indicating that this was the vulnerable entry point.
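The pattern the analysis describes (try/except around accept() plus socket cleanup in the accept handler), shown as an added example that is not ZEO's code or the actual patch. All names (FakeListener, FakeConn, fragile_accept, hardened_accept, run) are hypothetical, and the modelled edge cases (accept() returning None or raising ECONNABORTED/EAGAIN, and a failing socket setup) are assumptions standing in for the "unhandled edge cases" mentioned above.

```python
import errno

TRANSIENT = {errno.ECONNABORTED, errno.EAGAIN, errno.EWOULDBLOCK}

class FakeListener:
    """Constructed stand-in (like FakeConn below): replays scripted accept() outcomes."""
    def __init__(self, outcomes):
        self.outcomes = list(outcomes)
    def accept(self):
        outcome = self.outcomes.pop(0)
        if isinstance(outcome, Exception):
            raise outcome
        return outcome

class FakeConn:
    def __init__(self, setup_fails=False):
        self.setup_fails, self.closed = setup_fails, False
    def setblocking(self, flag):
        if self.setup_fails:
            raise OSError(errno.ENOTCONN, "peer already gone")
    def close(self):
        self.closed = True

def fragile_accept(listener, clients):
    conn, addr = listener.accept()  # unguarded: None fails to unpack, OSError escapes
    conn.setblocking(False)
    clients.append((conn, addr))

def hardened_accept(listener, clients):  # True if registered, False if skipped
    try:
        pair = listener.accept()
    except OSError as exc:
        if exc.errno in TRANSIENT:
            return False  # connection went away before accept; keep listening
        raise
    if pair is None:
        return False
    conn, addr = pair
    try:
        conn.setblocking(False)
    except OSError:
        conn.close()  # cleanup so a failed setup does not leak a descriptor
        return False
    clients.append((conn, addr))
    return True

def run(handler, outcomes):
    listener, clients = FakeListener(outcomes), []
    return [handler(listener, clients) for _ in outcomes], clients
```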