CVE-2009-5013
Published 2010-10-19
Priority P4 · 13 · medium · 4 · CVSS 2.0
AV:N/AC:L/Au:S/C:N/I:N/A:P
EPSS: 1.16% (63.1th percentile)
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pyftpdlib | < python-pyftpdlib 0.5.2-1 (bookworm) | python-pyftpdlib 0.5.2-1 (bookworm) |
| g.rodola | pyftpdlib | <= 0.5.1 | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | — | — |
| g.rodola | pyftpdlib | >= 0 < 0.5.2 | 0.5.2 |
CVSS provenance
nvd · v2.0 · 4.0 · MEDIUM · AV:N/AC:L/Au:S/C:N/I:N/A:P
osv · 4.0 · MEDIUM
vendor_debian · 4.0 · MEDIUM
Debian
CVE-2009-5013: python-pyftpdlib - Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5...
vendor_debian·2009·CVSS 4.0
CVE-2009-5013 [MEDIUM] CVE-2009-5013: python-pyftpdlib - Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5...
Scope: local
bookworm: resolved (fixed in 0.5.2-1)
bullseye: resolved (fixed in 0.5.2-1)
forky: resolved (fixed in 0.5.2-1)
sid: resolved (fixed in 0.5.2-1)
trixie: resolved (fixed in 0.5.2-1)
GHSA
Uncontrolled Resource Consumption in pyftpdlib
ghsa·2022-05-02
CVE-2009-5013 [MEDIUM] CWE-400 Uncontrolled Resource Consumption in pyftpdlib
OSV
Uncontrolled Resource Consumption in pyftpdlib
osv·2022-05-02
CVE-2009-5013 [MEDIUM] Uncontrolled Resource Consumption in pyftpdlib
OSV
CVE-2009-5013: Memory leak in the on_dtp_close function in ftpserver
osv·2010-10-19·CVSS 4.0
CVE-2009-5013 [MEDIUM] CVE-2009-5013: Memory leak in the on_dtp_close function in ftpserver
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2009-5011 CVE-2009-5012 CVE-2009-5013 CVE-2010-3494 pyftpdlib various flaws [fedora-12]
bugzilla·2010-10-24·CVSS 4.3
CVE-2009-5011 [MEDIUM] CVE-2009-5011 CVE-2009-5012 CVE-2009-5013 CVE-2010-3494 pyftpdlib various flaws [fedora-12]
fedora-12 tracking bug for pyftpdlib: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Adding parent bug CVE-2009-5012
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=646169,646171
---
Adding parent bug CVE-2009-5013
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=646169,646171,646174
---
Adding parent bug CVE-2010-3494
New bodhi update url:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=646169,646171,646174,646177
---
pyftp
Bugzilla
CVE-2009-5013 pyftpdlib: DoS (memory consumption) by sending a QUIT command during a data transfer
bugzilla·2010-10-24·CVSS 4.0
CVE-2009-5013 [MEDIUM] CVE-2009-5013 pyftpdlib: DoS (memory consumption) by sending a QUIT command during a data transfer
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5013 to
the following vulnerability:
Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib
before 0.5.2 allows remote authenticated users to cause a denial of
service (memory consumption) by sending a QUIT command during a data
transfer.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5013
[2] http://code.google.com/p/pyftpdlib/issues/detail?id=119
[3] http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
[4] http://code.google.com/p/pyftpdlib/source/detail?r=615
[5] http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py
2010-10-19
Published