#VU110150 Input validation error in Python - CVE-2010-3492
Published: October 29, 2019 / Updated: June 3, 2025
Vulnerability identifier: #VU110150
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2010-3492
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Python
Python
Software vendor:
Python.org
Python.org
Description
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
Remediation
Install update from vendor's website.
External links
- http://bugs.python.org/issue6706
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
- http://www.openwall.com/lists/oss-security/2010/09/09/6
- http://www.openwall.com/lists/oss-security/2010/09/11/2
- http://www.openwall.com/lists/oss-security/2010/09/22/3
- http://www.openwall.com/lists/oss-security/2010/09/24/3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111