
CVE-2010-3495: Zope Object Database Denial of Service vulnerability

CVSS Score: N/A

Basic Information

EPSS Score: 0.76603%
Published: 5/17/2022
Updated: 11/19/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: -

Package Name: zodb3
Ecosystem: pip
Vulnerable Versions: < 3.10.0a2
First Patched Version: 3.10.0a2

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from improper error handling in the TCP connection acceptance process. The commit diff shows that the patched version adds try/except blocks and socket cleanup in handle_accept. Multiple sources (the CVE description, Python bug 6706, and ZODB bug 135108) confirm that the root cause was unhandled edge cases in the accept() implementation. The StorageServer's connection handling in ZEO/zrpc/server.py was directly modified in the fix, indicating that this was the vulnerable entry point.
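The following is an added illustration of the pattern described above, not ZODB's code or the actual patch: an accept handler that lets accept() edge cases escape, next to one that wraps accept() in try/except and closes the socket on failure. All function and class names are hypothetical, the listener is a constructed stub, and the assumption that accept() may return None reflects asyncore-style wrappers.

```python
import errno

# accept() errors that mean the client left before the connection was picked up.
TRANSIENT = {errno.ECONNABORTED, errno.EAGAIN, errno.EWOULDBLOCK}

def fragile_handle_accept(listener, on_connect):
    """Unhardened shape: every accept() edge case escapes into the server loop."""
    sock, addr = listener.accept()   # TypeError when accept() returns None
    on_connect(sock, addr)
    return addr

def hardened_handle_accept(listener, on_connect):
    """Hardened shape: tolerate vanished clients, close the socket on failure."""
    try:
        pair = listener.accept()
    except OSError as exc:
        if exc.errno in TRANSIENT:
            return None              # nothing to serve; keep listening
        raise
    if pair is None:                 # asyncore-style wrappers may return None
        return None
    sock, addr = pair
    try:
        on_connect(sock, addr)
    except Exception:
        sock.close()                 # socket cleanup: do not leak the descriptor
        return None                  # a real server would also log the error
    return addr

class StubSocket:                    # constructed stand-in for a client socket
    closed = False
    def close(self):
        self.closed = True

class StubListener:                  # constructed: replays scripted accept() outcomes
    def __init__(self, outcomes):
        self.outcomes = list(outcomes)
    def accept(self):
        outcome = self.outcomes.pop(0)
        if isinstance(outcome, Exception):
            raise outcome
        return outcome

def demo():
    """Three accepts: aborted connection, None result, then a normal client."""
    script = [OSError(errno.ECONNABORTED, "aborted"), None,
              (StubSocket(), ("192.0.2.10", 50000))]
    listener = StubListener(script)
    return [hardened_handle_accept(listener, lambda s, a: None) for _ in script]
```

With the fragile handler, the first or second scripted outcome would raise out of the accept path; the hardened handler returns None for both and still serves the third client.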
