CVE-2009-5010 – pyftpdlib
Package
Manager: pip
Name: pyftpdlib
Vulnerable Version: >=0 <0.5.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.01038 (percentile: 0.76567)
Details
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, which leads to the accept function returning an unexpected value of None. This is a different vulnerability than CVE-2010-3494.
Metadata
Created: 2022-05-02T04:00:27Z
Modified: 2024-10-14T17:00:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mpg6-rgp4-35rr/GHSA-mpg6-rgp4-35rr.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-mpg6-rgp4-35rr
Finding: F124
Auto approve: 1