CVE-2024-12777

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions aimhubio/aim version 3.25.0

Description A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.

Recommendations aimhubio/aim version 3.25.0: Implement an additional timeout setting in the sshfs-client to prevent the server from hanging indefinitely when connecting to unresponsive sockets.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1088

Related Identifiers

CVE-2024-12777

GHSA-V5PJ-JRPV-H6G2

Affected Products

Aim

CVE-2024-12777

Weakness Enumeration

Related Identifiers

Affected Products

References · 8