Paolo Losi

**Name of the Vulnerable Software and Affected Versions** pyftpdlib versions prior to 0.5.1 **Description** A race condition exists in the FTPHandler class in ftpserver.py, allowing remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection. This leads to the accept function having an unexpected return value of None. **Recommendations** For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** pyftpdlib versions prior to 0.5.2 **Description** A race condition in the FTPHandler class in ftpserver.py allows remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection. This leads to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error. **Recommendations** For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider implementing measures to handle unexpected TCP connection closures and errors to minimize the risk of denial of service.

**Name of the Vulnerable Software and Affected Versions** Zope Object Database (ZODB) versions prior to 3.10.0 **Description** The issue is related to a race condition in the ZEO/StorageServer.py module, allowing remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection. This leads to unexpected return values or errors, including an unexpected return value of None for the accept function, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error. **Recommendations** For versions prior to 3.10.0, update to version 3.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ZEO/StorageServer.py module to minimize the risk of exploitation.