Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

Moderate severity GitHub Reviewed Published May 2, 2022 to the GitHub Advisory Database • Updated Jan 29, 2023

Package

pyftpdlib (pip)

Affected versions

<= 0.5.1

Patched versions

0.5.2

Description

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, which causes the getpeername function to fail with an ENOTCONN error. This is a different vulnerability than CVE-2010-3494.
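The failure mode described above, as an added example (not pyftpdlib's code or its actual patch): a hypothetical helper `peer_or_none` treats ENOTCONN from `getpeername()` as a dropped connection, so the error never escapes into the server loop. The function names and the loopback sockets are constructed for illustration.

```python
import errno
import socket


def peer_or_none(sock):
    """Return the peer address, or None if the peer is already gone.

    Hypothetical helper: a handler that calls getpeername() unguarded
    lets the ENOTCONN OSError propagate and stop the daemon.
    """
    try:
        return sock.getpeername()
    except OSError as exc:
        if exc.errno == errno.ENOTCONN:
            return None
        raise  # unrelated errors still surface


def handle_accepted(sock, handlers):
    """Register a handler only for live connections; close dead ones."""
    peer = peer_or_none(sock)
    if peer is None:
        sock.close()
        return False
    handlers[peer] = sock
    return True


def demo():
    """Constructed loopback sockets: one live, one never connected."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    client = socket.create_connection(listener.getsockname())
    accepted, _ = listener.accept()
    # Stand-in for a connection torn down before the handler runs.
    dead = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    handlers = {}
    results = (handle_accepted(accepted, handlers),
               handle_accepted(dead, handlers))
    live_peer_matches = list(handlers) == [client.getsockname()]
    for s in (client, accepted, listener):
        s.close()
    return results, live_peer_matches


if __name__ == "__main__":
    print(demo())
```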

References

Published by the National Vulnerability Database Oct 19, 2010
Published to the GitHub Advisory Database May 2, 2022
Reviewed Jun 17, 2022
Last updated Jan 29, 2023

Severity

Moderate

EPSS score

0.920%
(83rd percentile)

Weaknesses

CVE ID

CVE-2009-5011

GHSA ID

GHSA-62xg-239j-vxg7

Source code
