CVE-2009-5010

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pypi/pyftpdlib

Identifiers

GHSA-mpg6-rgp4-35rr, CVE-2009-5010

Package Slug

pypi/pyftpdlib

Vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.

Affected Versions

All versions up to 0.5.0

Solution

Upgrade to version 0.5.1 or above.

Last Modified

2022-06-19

source