CVE-2009-5011: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

May 2, 2022 (updated October 15, 2024)

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.

References

github.com/advisories/GHSA-62xg-239j-vxg7
github.com/giampaolo/pyftpdlib
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-8.yaml
nvd.nist.gov/vuln/detail/CVE-2009-5011

Detect and mitigate CVE-2009-5011 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →