CVE-2009-5010: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib

May 2, 2022 (updated October 14, 2024)

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.

References

bugs.launchpad.net/zodb/+bug/135108
github.com/advisories/GHSA-mpg6-rgp4-35rr
github.com/giampaolo/pyftpdlib
github.com/pypa/advisory-database/tree/main/vulns/pyftpdlib/PYSEC-2010-7.yaml
nvd.nist.gov/vuln/detail/CVE-2009-5010

Code Behaviors & Features

Detect and mitigate CVE-2009-5010 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →