CVE-2024-6227

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a	Exploit
https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-08 19:15

Updated : 2024-11-21 09:49

NVD link : CVE-2024-6227

Mitre link : CVE-2024-6227

CVE.ORG link : CVE-2024-6227

JSON object : View

Products Affected

aimstack

aim

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2024-6227", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-07-08T19:15:10.673", "references": [{"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a", "tags": ["Exploit"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-835"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections."}, {"lang": "es", "value": "Una vulnerabilidad en aimhubio/aim versi\u00f3n 3.19.3 permite a un atacante provocar una denegaci\u00f3n de servicio configurando el servidor de seguimiento remoto para que apunte a s\u00ed mismo. Esto da como resultado que el servidor se conecte interminablemente consigo mismo, lo que le impide responder a otras conexiones."}], "lastModified": "2024-11-21T09:49:14.387", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3385F0DE-BFDD-45D6-A0DF-3175FF3A4805"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}