CVE-2009-5011

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pypi/pyftpdlib

Identifiers

GHSA-62xg-239j-vxg7, CVE-2009-5011

Package Slug

pypi/pyftpdlib

Vulnerability

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Description

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.

Affected Versions

All versions up to 0.5.1

Solution

Upgrade to version 0.5.2 or above.

Last Modified

2022-06-19

source