N/A

CVSS Score

Basic Information

CVE ID

CVE-2010-3495

GHSA ID

GHSA-j6m4-frxh-p4x8

EPSS Score

0.76603%

CWE

CWE-362

Published

5/17/2022

Updated

11/19/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2010-3495

CVE-2010-3495: Zope Object Database Denial of Service vulnerability

Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0a2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

(GitHub Advisory)

N/A

CVSS Score

Basic Information

CVE ID

CVE-2010-3495

GHSA ID

GHSA-j6m4-frxh-p4x8

EPSS Score

0.76603%

CWE

CWE-362

Published

5/17/2022

Updated

11/19/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
zodb3	pip	< 3.10.0a2	3.10.0a2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper error handling in the TCP connection acceptance process. The commit diff shows the patched version adds try/except blocks and socket cleanup in handle_accept. Multiple sources (CVE description, Python bug 6706, ZODB bug 135108) confirm the root cause was unhandled edge cases in accept() implementation. The StorageServer's connection handling in ZEO/zrpc/server.py was directly modified in the fix, indicating this was the vulnerable entry point.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

R*** *on*ition in `Z*O/Stor***S*rv*r.py` in Zop* O*j**t **t***s* (ZO**) ***or* *.**.*** *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** (***mon out***) *y *st**lis*in* *n* t**n imm**i*t*ly *losin* * T*P *onn**tion, l***in* to t** ****pt *un*tion

Reasoning

T** vuln*r**ility st*ms *rom improp*r *rror **n*lin* in t** T*P *onn**tion ****pt*n** pro**ss. T** *ommit *i** s*ows t** p*t**** v*rsion ***s try/*x**pt *lo*ks *n* so*k*t *l**nup in **n*l*_****pt. Multipl* sour**s (*V* **s*ription, Pyt*on *u* ****, Z

N/A

Basic Information

Concerned about an active attack path?

CVE-2010-3495: Zope Object Database Denial of Service vulnerability

N/A

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI