GitHub Advisory DatabaseGHSA-HW4G-FHCP-X5MQConcurrent Execution using Shared Resource with Improper Synchronization in pyftpdlib
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.6%
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.
References
bugs.python.org/issue6706
code.google.com/p/pyftpdlib/issues/detail?id=104
code.google.com/p/pyftpdlib/issues/detail?id=105
code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
code.google.com/p/pyftpdlib/source/detail?r=556
code.google.com/p/pyftpdlib/source/diff?spec=svn556&r=556&format=side&path=/trunk/pyftpdlib/ftpserver.py
www.openwall.com/lists/oss-security/2010/09/09/6
www.openwall.com/lists/oss-security/2010/09/11/2
www.openwall.com/lists/oss-security/2010/09/22/3
www.openwall.com/lists/oss-security/2010/09/24/3
bugs.launchpad.net/zodb/+bug/135108
github.com/advisories/GHSA-hw4g-fhcp-x5mq
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-11.yaml
nvd.nist.gov/vuln/detail/CVE-2010-3494
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.6%