CVE-2010-3494 — Race Condition in Pyftpdlib
Severity: 4.3 MEDIUM (NVD); GHSA 5.0; OSV 5.0
EPSS: 0.4% (top 38.31%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 19
Latest update: May 17
Description
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
CVSS vector
AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9
Affected Packages: 3 packages
Patches
Vulnerability Details (9)
OSV: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib (2022-05-02)
GHSA: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib (2022-05-02)
OSV: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib (2022-05-02)
Vendor Advisories (3)
Debian: CVE-2010-3494: python-pyftpdlib - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2... (2010)
Debian: CVE-2009-5011: python-pyftpdlib - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2... (2009)
Debian: CVE-2009-5010: python-pyftpdlib - Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1... (2009)