CVE-2009-5010 — Race Condition in Pyftpdlib

CWE-362 — Race Condition5 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.0%

top 22.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

2

G.rodola Pyftpdlib Debian Python-pyftpdlib

Timeline

PublishedOct 19

Latest updateMay 2

Description

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶PyPIg.rodola/pyftpdlib< 0.5.1

▶NVDg.rodola/pyftpdlib0.5.0+5

▶debiandebian/python-pyftpdlib

Patches

Patch: bugs.python.org ↗Patch: bugs.python.org ↗

🔴Vulnerability Details

3

OSV

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib↗2022-05-02

▶

GHSA

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib↗2022-05-02

▶

OSV

CVE-2009-5010: Race condition in the FTPHandler class in ftpserver↗2010-10-19

▶

📋Vendor Advisories

1

Debian

CVE-2009-5010: python-pyftpdlib - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1...↗2009

▶