Lucene search

K

GitHub Advisory DatabaseGHSA-J6M4-FRXH-P4X8

HistoryMay 17, 2022 - 5:44 a.m.

Zope Object Database Denial of Service vulnerability

2022-05-1705:44:11

CWE-362

GitHub Advisory Database

github.com

11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.4 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0a2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

Affected configurations

Vulners

Node

zodb3Range<3.10.0a2

CPENameOperatorVersion
zodb3lt3.10.0a2

References

bugs.python.org/issue6706

lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

pypi.python.org/pypi/ZODB3/3.10.0#id1

www.openwall.com/lists/oss-security/2010/09/09/6

www.openwall.com/lists/oss-security/2010/09/11/2

www.openwall.com/lists/oss-security/2010/09/22/3

www.openwall.com/lists/oss-security/2010/09/24/3

bugs.launchpad.net/zodb/+bug/135108

github.com/advisories/GHSA-j6m4-frxh-p4x8

nvd.nist.gov/vuln/detail/CVE-2010-3495

pypi.org/project/ZODB3/3.10.0a2/#a2-2010-05-04

web.archive.org/web/20111225005929/secunia.com/advisories/41755

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.4 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

Related for GHSA-J6M4-FRXH-P4X8

cve4 cvelist4 debiancve3 osv3 ubuntucve3 prion4 nvd4 veracode2 f51 openvas7 nessus4 securityvulns2 github1 gentoo1 ibm1