Lucene search

K

GitHub Advisory DatabaseGHSA-62XG-239J-VXG7

HistoryMay 02, 2022 - 4:00 a.m.

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

2022-05-0204:00:27

CWE-362

GitHub Advisory Database

github.com

8

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.4%

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.

CPENameOperatorVersion
pyftpdlible0.5.1

References

code.google.com/p/pyftpdlib/issues/detail?id=100

code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

code.google.com/p/pyftpdlib/source/detail?r=543

code.google.com/p/pyftpdlib/source/diff?spec=svn543&r=543&format=side&path=/trunk/pyftpdlib/ftpserver.py

github.com/advisories/GHSA-62xg-239j-vxg7

github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-8.yaml

nvd.nist.gov/vuln/detail/CVE-2009-5011

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.4%

Related for GHSA-62XG-239J-VXG7

osv6 prion3 cve3 debiancve3 fedora1 openvas4 nessus1 github2