CVE-2024-8061

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-8061

Mitre link : CVE-2024-8061

CVE.ORG link : CVE-2024-8061

JSON object : View

Products Affected

aimstack

aim

CWE

CWE-1088

Synchronous Access of Remote Resource without Timeout

{"id": "CVE-2024-8061", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:40.500", "references": [{"url": "https://huntr.com/bounties/c85d005c-b354-4c51-a88f-adda2f09622b", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-1088"}]}], "descriptions": [{"lang": "en", "value": "In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts."}, {"lang": "es", "value": "En la versi\u00f3n 3.23.0 de aimhubio/aim, ciertos m\u00e9todos que solicitan datos de servidores externos no tienen tiempos de espera definidos, lo que provoca que el servidor espere indefinidamente una respuesta. Esto puede provocar una denegaci\u00f3n de servicio, ya que el servidor de seguimiento no responde a otras solicitudes mientras espera. El problema surge en el cliente que utiliza el servidor de seguimiento `aim` para comunicarse con recursos externos, concretamente en el m\u00e9todo `_run_read_instructions` y llamadas similares sin tiempos de espera."}], "lastModified": "2025-10-15T13:15:54.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.23.0:*:*:*:*:python:*:*", "vulnerable": true, "matchCriteriaId": "22E84A5D-7E10-4D1A-98EF-8A79AAAF82D4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}