GoogleOSV:GHSA-MPG6-RGP4-35RRConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.9%
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.
References
bugs.python.org/issue6706
code.google.com/p/pyftpdlib/issues/detail?id=91
code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY
code.google.com/p/pyftpdlib/source/detail?r=439
code.google.com/p/pyftpdlib/source/diff?spec=svn439&r=439&format=side&path=/trunk/pyftpdlib/ftpserver.py
www.openwall.com/lists/oss-security/2010/09/09/6
www.openwall.com/lists/oss-security/2010/09/11/2
www.openwall.com/lists/oss-security/2010/09/22/3
www.openwall.com/lists/oss-security/2010/09/24/3
bugs.launchpad.net/zodb/+bug/135108
github.com/advisories/GHSA-mpg6-rgp4-35rr
github.com/giampaolo/pyftpdlib
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-7.yaml
nvd.nist.gov/vuln/detail/CVE-2009-5010
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.013 Low
EPSS
Percentile
85.9%