PT-2010-4862 · None · Pyftpdlib

Paolo Losi · Published 2010-10-19 · Updated 2022-05-17 · CVE-2010-3494

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

pyftpdlib versions prior to 0.5.2

Description

A race condition in the FTPHandler class in ftpserver.py allows remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection. This leads to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error.

Recommendations

For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider implementing measures to handle unexpected TCP connection closures and errors to minimize the risk of denial of service.
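
A sketch of the workaround described in the recommendations, added here as an example (it is not pyftpdlib's own code or its 0.5.2 fix): an accept wrapper that treats a `None` result, a `None` peer address, and ECONNABORTED/EAGAIN/EWOULDBLOCK as a dropped connection instead of letting them reach the handler. `safe_accept`, `ScriptedListener` and `DummyConn` are hypothetical names, and the scripted outcomes are constructed sample input.

```python
import errno

# errno values named in the description: the connection vanished, the listener is fine.
TRANSIENT = {errno.ECONNABORTED, errno.EAGAIN, errno.EWOULDBLOCK}


def safe_accept(listener):
    """Return (conn, addr) for a usable connection, or None if the peer is gone."""
    try:
        result = listener.accept()
    except OSError as exc:
        if exc.errno in TRANSIENT:
            return None
        raise  # anything else is a real listener fault; do not hide it
    if result is None:
        return None
    conn, addr = result
    if addr is None:
        # Peer closed between the readiness event and accept(): no address to use.
        conn.close()
        return None
    return conn, addr


class ScriptedListener:
    """Constructed stand-in for a listening socket; replays scripted accept() outcomes."""
    def __init__(self, outcomes):
        self.outcomes = list(outcomes)
    def accept(self):
        outcome = self.outcomes.pop(0)
        if isinstance(outcome, Exception):
            raise outcome
        return outcome


class DummyConn:
    closed = False
    def close(self):
        self.closed = True


def run_demo():
    """Replay each failure mode from the description, then one good connection."""
    orphan, good = DummyConn(), DummyConn()
    script = [OSError(errno.ECONNABORTED, "aborted"), OSError(errno.EAGAIN, "again"),
              None, (orphan, None), (good, ("192.0.2.10", 50000))]
    listener = ScriptedListener(script)
    results = [safe_accept(listener) for _ in script]
    return results, orphan.closed
```

Errors outside the transient set (for example EMFILE) are re-raised on purpose, so a genuinely broken listener is still visible to the operator.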

Fix

Race Condition

Weakness Enumeration

Related identifiers

CVE-2010-3494
GHSA-HW4G-FHCP-X5MQ
PYSEC-2010-11

Affected products

Pyftpdlib