CVE-2009-5010 — Concurrent Execution using Shared Resource with Improper Synchronization ('Race

Description

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.1 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, a different vulnerability than CVE-2010-3494.

How to fix CVE-2009-5010

To remediate CVE-2009-5010, upgrade the affected package to a fixed version below.

PyPI/pyftpdlib—upgrade to 0.5.1 or later
—upgrade to 0.5.1 or later

Is CVE-2009-5010 being exploited?

Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.5.1
from 0, < 0.5.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References (14)

ADVISORYgithub.com/advisories/GHSA-mpg6-rgp4-35rr
ADVISORYnvd.nist.gov/vuln/detail/CVE-2009-5010
PATCHgithub.com/giampaolo/pyftpdlib
WEBbugs.python.org/issue6706
WEBcode.google.com/p/pyftpdlib/issues/detail?id=91