SB2019102938 - Input validation error in Python
Published: October 29, 2019 Updated: June 3, 2025
Security Bulletin ID
SB2019102938
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Input validation error (CVE-ID: CVE-2010-3492)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
Remediation
Install update from vendor's website.
References
- http://bugs.python.org/issue6706
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
- http://www.openwall.com/lists/oss-security/2010/09/09/6
- http://www.openwall.com/lists/oss-security/2010/09/11/2
- http://www.openwall.com/lists/oss-security/2010/09/22/3
- http://www.openwall.com/lists/oss-security/2010/09/24/3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12111