Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
Moderate severity
GitHub Reviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Jan 29, 2023
Description
Published by the National Vulnerability Database
Oct 19, 2010
Published to the GitHub Advisory Database
May 2, 2022
Reviewed
Jun 17, 2022
Last updated
Jan 29, 2023
Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.
References