PT-2025-12026 · Aimhubio · Aim

Published: 2025-03-20 · Updated: 2025-03-21 · CVE-2024-10110

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

aimhubio/aim version 3.23.0

Description

The ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests.

Recommendations

For aimhubio/aim version 3.23.0, consider restricting the instantiation of the ScheduledStatusReporter object to prevent it from running on the main thread of the tracking server. As a temporary workaround, consider disabling the ScheduledStatusReporter object until a patch is available.

Exploit

Fix

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2024-10110
GHSA-FX47-JPV9-7HXR

Affected Products

Aim