CVE-2024-6227 - OpenCVE

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Aimstack	Aim

Configuration 1 [-]

cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a

History

Fri, 30 Aug 2024 16:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400
Metrics	cvssV3_0 `{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Fri, 30 Aug 2024 15:45:00 +0000

Type	Values Removed	Values Added
Description	A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause a denial of service by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.	A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.
Title	Denial of Service in aimhubio/aim	Infinite Loop in aimhubio/aim

Wed, 07 Aug 2024 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Aimstack Aimstack aim
Weaknesses		CWE-835
CPEs		cpe:2.3:a:aimstack:aim:3.19.3:::::::*
Vendors & Products		Aimstack Aimstack aim
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-07-08T19:06:31.579Z

Updated: 2024-08-30T15:25:02.656Z

Reserved: 2024-06-20T20:24:06.093Z

Link: CVE-2024-6227

Vulnrichment

Updated: 2024-08-01T21:33:05.297Z

NVD

Status : Modified

Published: 2024-07-08T19:15:10.673

Modified: 2024-08-30T16:15:10.203

Link: CVE-2024-6227

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6227", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-20T20:24:06.093Z", "datePublished": "2024-07-08T19:06:31.579Z", "dateUpdated": "2024-08-30T15:25:02.656Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "aimhubio/aim", "vendor": "aimhubio", "versions": [{"lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.</p>"}], "value": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-08-30T15:25:02.656Z"}, "references": [{"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a"}], "source": {"advisory": "abcea7c6-bb3b-45e9-aa15-9eb6b224451a", "discovery": "EXTERNAL"}, "title": "Infinite Loop in aimhubio/aim", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "aimhubio", "product": "aim", "cpes": ["cpe:2.3:a:aimhubio:aim:3.19.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.19.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T19:51:23.581161Z", "id": "CVE-2024-6227", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:56:09.206Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:05.297Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:33:05.297Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6227", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T19:51:23.581161Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:aimhubio:aim:3.19.3:*:*:*:*:*:*:*"], "vendor": "aimhubio", "product": "aim", "versions": [{"status": "affected", "version": "3.19.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T19:55:32.749Z"}}], "cna": {"title": "Infinite Loop in aimhubio/aim", "source": {"advisory": "abcea7c6-bb3b-45e9-aa15-9eb6b224451a", "discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "aimhubio", "product": "aimhubio/aim", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.", "supportingMedia": [{"type": "text/html", "value": "<p>A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-08-30T15:25:02.656Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6227", "state": "PUBLISHED", "dateUpdated": "2024-08-30T15:25:02.656Z", "dateReserved": "2024-06-20T20:24:06.093Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-07-08T19:06:31.579Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aimstack:aim:3.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "3385F0DE-BFDD-45D6-A0DF-3175FF3A4805", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to cause an infinite loop by configuring the remote tracking server to point at itself. This results in the server endlessly connecting to itself, rendering it unable to respond to other connections."}, {"lang": "es", "value": "Una vulnerabilidad en aimhubio/aim versi\u00f3n 3.19.3 permite a un atacante provocar una denegaci\u00f3n de servicio configurando el servidor de seguimiento remoto para que apunte a s\u00ed mismo. Esto da como resultado que el servidor se conecte interminablemente consigo mismo, lo que le impide responder a otras conexiones."}], "id": "CVE-2024-6227", "lastModified": "2024-08-30T16:15:10.203", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-07-08T19:15:10.673", "references": [{"source": "security@huntr.dev", "tags": ["Exploit"], "url": "https://huntr.com/bounties/abcea7c6-bb3b-45e9-aa15-9eb6b224451a"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Secondary"}]}