CVE-2009-5013Uncontrolled Resource Consumption in Pyftpdlib

CWE-399CWE-400Uncontrolled Resource Consumption7 documents5 sources
Severity
4.0MEDIUMNVD
EPSS
0.5%
top 33.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
G.rodola PyftpdlibDebian Python-pyftpdlib
Timeline
PublishedOct 19
Latest updateMay 2

Description

Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages3 packages

PyPIg.rodola/pyftpdlib< 0.5.2
debiandebian/python-pyftpdlib< python-pyftpdlib 0.5.2-1 (bookworm)
NVDg.rodola/pyftpdlib0.5.1+6

🔴Vulnerability Details

3
GHSA
Uncontrolled Resource Consumption in pyftpdlib2022-05-02
OSV
Uncontrolled Resource Consumption in pyftpdlib2022-05-02
OSV
CVE-2009-5013: Memory leak in the on_dtp_close function in ftpserver2010-10-19

📋Vendor Advisories

1
Debian
CVE-2009-5013: python-pyftpdlib - Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5...2009

💬Community

2
Bugzilla
CVE-2009-5011 CVE-2009-5012 CVE-2009-5013 CVE-2010-3494 pyftpdlib various flaws [fedora-12]2010-10-24
Bugzilla
CVE-2009-5013 pyftpdlib: DoS (memory consumption) by sending a QUIT command during a data transfer2010-10-24