PT-2024-37467 · Aimhubio · Aim
Published 2024-07-08 · Updated 2024-08-30 · CVE-2024-6227
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions:
aimhubio/aim version 3.19.3
Description:
A vulnerability allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
Recommendations:
For aimhubio/aim version 3.19.3, consider reconfiguring the remote tracking server to prevent it from pointing at itself as a temporary workaround until a patch is available. Restrict access to the remote tracking server configuration to minimize the risk of exploitation.
Exploit
Fix
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Aim