CVE-2009-5011: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in pyftpdlib
CVSS Score: 4.3
Basic Information
CVE ID: CVE-2009-5011
EPSS Score: 0.62164%
CWE: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization, 'Race Condition')
Published: 5/2/2022
Updated: 10/15/2024
KEV Status: No
Technology: Python
Technical Details
CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
pyftpdlib | pip | <= 0.5.1 | 0.5.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability traceback shows the crash occurring at FTPHandler initialization, when getpeername() is called. The race condition lies between connection acceptance and peer verification: if a client disconnects immediately after connecting, before getpeername() executes, the socket is no longer connected. The vulnerable code has no try/except handling around getpeername() to deal with this transient state gracefully, so the resulting unhandled exception crashes the server instance. The function location matches all vulnerability descriptions and issue reports.
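As an added illustration (not pyftpdlib's own code, and not part of this record), the Python stand-in below contrasts the pattern the analysis describes with its hardened form: a handler that reads the peer address unguarded at construction time, beside one that treats a failing getpeername() as a connection that has already gone away and drops only that connection instead of the whole server. The class names, serve_connection(), and the way the dropped connection is simulated (an unconnected TCP socket, which raises the same OSError family that a disconnected peer produces) are assumptions made for the illustration.

```python
import socket

# Constructed stand-ins for the handler-construction step described in the
# analysis. Illustrative only: these are not pyftpdlib classes.


class VulnerableHandler:
    """Weak pattern: getpeername() is called unguarded in __init__.

    If the client has already gone away, OSError propagates out of the
    constructor and, in a server with no guard above it, takes the whole
    accept loop down with it.
    """

    def __init__(self, conn):
        self.conn = conn
        self.remote_ip, self.remote_port = conn.getpeername()[:2]


class HardenedHandler:
    """Same step, with the transient-disconnect case handled locally."""

    def __init__(self, conn):
        self.conn = conn
        self.closed = False
        try:
            self.remote_ip, self.remote_port = conn.getpeername()[:2]
        except OSError:
            # ENOTCONN / EINVAL-style failures: the peer disconnected between
            # accept() and this call. Mark the handler dead and release the
            # socket; the server keeps serving other clients.
            self.remote_ip, self.remote_port = None, None
            self.closed = True
            conn.close()


def serve_connection(handler_cls, conn):
    """Simulate the per-connection dispatch of a server.

    Returns "served" when the handler came up normally, "closed" when the
    hardened handler discarded an already-dead connection, and "crashed"
    when the handler let the exception escape (the CVE's failure mode).
    """
    try:
        handler = handler_cls(conn)
    except OSError:
        return "crashed"
    return "closed" if getattr(handler, "closed", False) else "served"


def disconnected_socket():
    """A TCP socket with no peer, standing in for a client that vanished.

    getpeername() on it raises OSError (ENOTCONN), the same failure a
    just-dropped connection can produce during handler construction.
    """
    return socket.socket(socket.AF_INET, socket.SOCK_STREAM)


def connected_pair():
    """Loopback client/server pair so the happy path is exercised too."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(srv.getsockname())
    conn, _ = srv.accept()
    srv.close()
    return conn, cli


if __name__ == "__main__":
    print("vulnerable, peer gone:", serve_connection(VulnerableHandler, disconnected_socket()))
    print("hardened,   peer gone:", serve_connection(HardenedHandler, disconnected_socket()))
    conn, cli = connected_pair()
    print("hardened,   live peer:", serve_connection(HardenedHandler, conn))
    conn.close()
    cli.close()
```

The defensive point is the scope of the failure: with the guard, a client that connects and immediately disconnects costs one discarded handler; without it, that same client takes the listening server down, which is exactly the availability impact (A:P) the CVSS vector records.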