CVE-2009-5011 – pyftpdlib
Package
Manager: pip
Name: pyftpdlib
Vulnerable Version: >=0 <0.5.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:R
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: 0.00437 (percentile: 0.62171)
Details
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
A race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, which causes the getpeername function to fail with an ENOTCONN error. This is a different vulnerability than CVE-2010-3494.
Metadata
Created: 2022-05-02T04:00:27Z
Modified: 2024-10-15T16:14:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-62xg-239j-vxg7/GHSA-62xg-239j-vxg7.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-62xg-239j-vxg7
Finding: F124
Auto approve: 1