Vulnerability Details : CVE-2010-3492
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
Vulnerability category: Denial of service
Threat overview for CVE-2010-3492
Top countries where our scanners detected CVE-2010-3492
Top open port discovered on systems with this issue
8123
IPs affected by CVE-2010-3492 118,581
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-3492!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-3492
Probability of exploitation activity in the next 30 days: 3.78%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3492
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
References for CVE-2010-3492
-
http://www.openwall.com/lists/oss-security/2010/09/09/6
oss-security - CVE Request -- Python -- accept() implementation in async core is broken => more subcasesMailing List;Third Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
mandriva.comThird Party Advisory
-
http://bugs.python.org/issue6706
Issue 6706: asyncore's accept() is broken - Python trackerPatch;Vendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
mandriva.comThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111
Repository / Oval RepositoryThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2010/09/24/3
oss-security - Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcasesMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2010/09/22/3
oss-security - Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcasesMailing List;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2010/09/11/2
oss-security - Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcasesMailing List;Third Party Advisory
Products affected by CVE-2010-3492
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*