CVE-2009-5013: Uncontrolled Resource Consumption in pyftpdlib

May 2, 2022 (updated October 14, 2024)

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.

References

github.com/advisories/GHSA-8gv6-x88p-3f6h
github.com/giampaolo/pyftpdlib
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-10.yaml
nvd.nist.gov/vuln/detail/CVE-2009-5013

Detect and mitigate CVE-2009-5013 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →