CVE-2009-5011 — Concurrent Execution using Shared Resource with Improper Synchronization ('Race

Description

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.

How to fix CVE-2009-5011

To remediate CVE-2009-5011, upgrade the affected package to a fixed version below.

Debian/python-pyftpdlib—upgrade to 0.5.2-1 or later
—upgrade to 0.5.2 or later
—upgrade to 0.5.2 or later

Is CVE-2009-5011 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

from 0, < 0.5.2-1
from 0, < 0.5.2
from 0, < 0.5.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

References (9)

ADVISORYgithub.com/advisories/GHSA-62xg-239j-vxg7
ADVISORYnvd.nist.gov/vuln/detail/CVE-2009-5011
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-5011
PATCHgithub.com/giampaolo/pyftpdlib
WEB