Moderate severity · NVD Advisory · Published Oct 19, 2010 · Updated Apr 29, 2026
CVE-2010-3495
Description
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
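The accept-time race the description refers to, as an added Python example that is not ZODB's own code: a non-blocking accept loop that tolerates ECONNABORTED, EAGAIN and EWOULDBLOCK from `accept()` and a failing per-connection setup, exercised with the same SO_LINGER-0 connect-and-close pattern the patch's test uses. `drain_pending`, `echo_once` and `scenario` are names chosen here, and the loop stands in for ZEO's asyncore `handle_accept`; it runs against a listener on 127.0.0.1 only.

```python
import errno
import socket
import struct

def drain_pending(listener, make_conn):
    """Accept every queued connection on a non-blocking listener; make_conn
    (sock, addr) is the per-connection setup (ZEO's `factory`). Returns the
    number of peers dropped. No accept() error or setup failure escapes."""
    dropped = 0
    while True:
        try:
            sock, addr = listener.accept()
        except OSError as exc:
            if exc.errno in (errno.EAGAIN, errno.EWOULDBLOCK):
                return dropped              # queue empty: back to select()
            if exc.errno == errno.ECONNABORTED:
                dropped += 1                # peer vanished before accept: go on
                continue
            raise                           # genuine listener failure
        try:
            make_conn(sock, addr)
        except Exception:                   # drop this peer, not the daemon
            dropped += 1
            sock.close()

def echo_once(sock, addr):
    """Per-connection setup: echo one message, then close the socket."""
    with sock:
        sock.settimeout(1.0)
        data = sock.recv(64)
        if not data:                        # peer already gone (reset or FIN)
            raise ConnectionError("peer closed before sending")
        sock.sendall(data)

def scenario(quick_closes=5):
    """Queue quick-closed peers plus one normal client, then drain once.
    Returns (peers dropped, reply received by the normal client)."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        listener.setblocking(False)
        addr = listener.getsockname()
        for _ in range(quick_closes):           # the patch's own test pattern:
            s = socket.create_connection(addr)  # SO_LINGER 0 makes close() send RST
            s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
            s.close()
        client = socket.create_connection(addr, timeout=1.0)
        client.sendall(b"ping")
        dropped = drain_pending(listener, echo_once)
        reply = client.recv(64)
        client.close()
        return dropped, reply
```

Whether the reset peers surface as ECONNABORTED from `accept()` (BSD-style) or as an already-dead socket whose first read fails (Linux) is platform dependent; either way they are counted as dropped and the later normal client is still served.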
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| zodb3 (PyPI) | < 3.10.0a2 | 3.10.0a2 |
Affected products
28 CPE entries:
- cpe:2.3:a:zope:zodb:*:*:*:*:*:*:*:* (version range: <= 3.9.7)
- cpe:2.3:a:zope:zodb:2.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:2.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.7:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b1:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b2:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b3:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b4:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0b5:*:*:*:*:*:*:*
- cpe:2.3:a:zope:zodb:3.9.0c1:*:*:*:*:*:*:*
Patches
Commit cfe16277ef1b: Fix: https://bugs.launchpad.net/zodb/+bug/135108
3 files changed · +58 −2
src/CHANGES.txt+9 −0 modified@@ -62,6 +62,15 @@ Bugs Fixed - Fixed some problems in ZEO server commit lock management. +- On Mac OS X, clients that connected and disconnected quickly could + cause a ZEO server to stop accepting connections, due to a failure + to catch errors in the initial part of the connection process. + + The failure to properly handle exceptions while accepting + connections is potentially problematic on other platforms. + + Fixes: https://bugs.launchpad.net/zodb/+bug/135108 + 3.10.0a1 (2010-02-08) =====================
src/ZEO/tests/testZEO.py+28 −0 modified@@ -1338,6 +1338,34 @@ def test_work_with_multiprocessing(self): class MultiprocessingTests(unittest.TestCase): pass +def quick_close_doesnt_kill_server(): + r""" + + Start a server: + + >>> addr, _ = start_server() + + Now connect and immediately disconnect. This caused the server to + die in the past: + + >>> import socket, struct + >>> for i in range(5): + ... s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + ... s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, + ... struct.pack('ii', 1, 0)) + ... s.connect(addr) + ... s.close() + + Now we should be able to connect as normal: + + >>> db = ZEO.DB(addr) + >>> db.storage.is_connected() + True + + >>> db.close() + + """ + slow_test_classes = [ BlobAdaptedFileStorageTests, BlobWritableCacheTests, DemoStorageTests, FileStorageTests, MappingStorageTests,
src/ZEO/zrpc/server.py+21 −2 modified@@ -17,6 +17,7 @@ from ZEO.zrpc.connection import Connection from ZEO.zrpc.log import log +import ZEO.zrpc.log import logging # Export the main asyncore loop @@ -54,5 +55,23 @@ def handle_accept(self): except socket.error, msg: log("accepted failed: %s" % msg) return - c = self.factory(sock, addr) - log("connect from %s: %s" % (repr(addr), c)) + + # We could short-circuit the attempt below in some edge cases + # and avoid a log message by checking for addr being None. + # Unfortunately, our test for the code below, + # quick_close_doesnt_kill_server, causes addr to be None and + # we'd have to write a test for the non-None case, which is + # *even* harder to provoke. :/ So we'll leave things as they + # are for now. + + # It might be better to check whether the socket has been + # closed, but I don't see a way to do that. :( + + try: + c = self.factory(sock, addr) + except: + if sock.fileno() in asyncore.socket_map: + del asyncore.socket_map[sock.fileno()] + ZEO.zrpc.log.logger.exception("Error in handle_accept") + else: + log("connect from %s: %s" % (repr(addr), c))
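Review bot: in the `handle_accept` hunk, the bare `except:` around `c = self.factory(sock, addr)` also swallows `SystemExit` and `KeyboardInterrupt`; `except Exception:` keeps the daemon alive for the same setup failures without hiding shutdown signals. The recovery path only does `del asyncore.socket_map[sock.fileno()]` and never calls `sock.close()`, so a socket whose Connection setup failed stays open until garbage collection; closing it explicitly after the `del` would release the descriptor immediately.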
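Review bot: the first server.py hunk adds `import ZEO.zrpc.log` next to the existing `from ZEO.zrpc.log import log`; extending that line to `from ZEO.zrpc.log import log, logger` would avoid two import forms for one module and shorten the `ZEO.zrpc.log.logger.exception("Error in handle_accept")` call in the second hunk.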
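Review bot: the testZEO.py hunk defines `quick_close_doesnt_kill_server` as a module-level doctest function but does not show it being added to any suite; confirm the module's suite builder collects doctest functions, otherwise this regression test never runs. The five connect/close iterations have no check between them, so a server that died on the first close is only detected by the later `ZEO.DB(addr)` call; a short comment stating that this is intentional would help the next reader.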
References
- bugs.python.org/issue6706 (NVD: Patch)
- secunia.com/advisories/41755 (NVD: Vendor Advisory)
- github.com/advisories/GHSA-j6m4-frxh-p4x8 (GHSA: Advisory)
- nvd.nist.gov/vuln/detail/CVE-2010-3495 (GHSA: Advisory)
- lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html (NVD)
- pypi.python.org/pypi/ZODB3/3.10.0 (NVD)
- www.openwall.com/lists/oss-security/2010/09/09/6 (NVD)
- www.openwall.com/lists/oss-security/2010/09/11/2 (NVD)
- www.openwall.com/lists/oss-security/2010/09/22/3 (NVD)
- www.openwall.com/lists/oss-security/2010/09/24/3 (NVD)
- bugs.launchpad.net/zodb/+bug/135108 (NVD)
- github.com/pypa/advisory-database/tree/main/vulns/zodb3/PYSEC-2010-27.yaml (GHSA)
- github.com/zopefoundation/ZODB/commit/cfe16277ef1b5bb094dc79da50b0df1ee1537590 (GHSA)
- pypi.org/project/ZODB3/3.10.0a2/ (GHSA)
- web.archive.org/web/20111225005929/http://secunia.com/advisories/41755 (GHSA)