// For flags

CVE-2024-6227

Infinite Loop in aimhubio/aim

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

Una vulnerabilidad en aimhubio/aim versión 3.19.3 permite a un atacante provocar una denegación de servicio configurando el servidor de seguimiento remoto para que apunte a sí mismo. Esto da como resultado que el servidor se conecte interminablemente consigo mismo, lo que le impide responder a otras conexiones.

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-06-20 CVE Reserved
  • 2024-07-08 CVE Published
  • 2024-08-08 EPSS Updated
  • 2024-08-30 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
---- -