CVE-2024-12777
Published 2025-03-20
Priority: P4 · 29 · Severity: medium · CVSS 3.0 base score: 5.9
CVSS 3.0 vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H (network-reachable, high attack complexity, no privileges or user interaction required, unchanged scope, no confidentiality or integrity impact, high availability impact)
EPSS: 0.44% (percentile 35.3)
A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.
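The description above is the textbook shape of CWE-1088: a single-threaded server performs a synchronous call to a remote resource with no upper bound on how long it may wait, so one unresponsive peer stalls every request queued behind it. The following is an added illustration of that failure mode and of the bounded-wait fix; it is not code from aimhubio/aim and does not model Aim's tracking server or its sshfs handling. The sshfs/SSH target is replaced by a constructed local TCP listener that accepts the connection and then stays silent, so the script runs offline; all function names (`start_listener`, `fetch_remote`, `serve_sequentially`, `demo`) are this example's own.

```python
"""
CWE-1088 (synchronous access of a remote resource without a timeout) in the
shape described in the advisory: a single-threaded handler blocks on a remote
peer that never answers, so every later request waits behind it.

Added example, not code from aimhubio/aim. The sshfs/SSH target of the real
issue is stood in for by a constructed local TCP listener that accepts the
connection and then stays silent, so everything runs offline.
"""
import socket
import threading
import time
from typing import List, Optional, Tuple

HOST = "127.0.0.1"
_held_open = []  # silent connections are parked here so the peer keeps waiting


def start_listener(responsive: bool) -> int:
    """Start a local TCP listener on a free port and return that port.

    responsive=True  -> echoes the first message back (a healthy remote).
    responsive=False -> accepts and never replies (the unresponsive socket).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((HOST, 0))
    srv.listen(16)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            conn, _ = srv.accept()
            if responsive:
                with conn:
                    conn.sendall(conn.recv(64))
            else:
                _held_open.append(conn)  # keep it open, say nothing

    threading.Thread(target=serve, daemon=True).start()
    return port


def fetch_remote(port: int, timeout: Optional[float]) -> str:
    """Connect, send a probe and wait for the echo.

    timeout=None is the vulnerable pattern: recv() blocks until the peer
    answers, which a silent peer never does, so a single-threaded caller is
    wedged indefinitely. A finite timeout turns that into a fast failure.
    """
    with socket.create_connection((HOST, port), timeout=timeout) as s:
        s.sendall(b"ping\n")
        return s.recv(64).decode()


def serve_sequentially(ports: List[int], timeout: Optional[float]) -> List[str]:
    """Model of a single-threaded server: requests are handled strictly in
    order, so one stalled request delays all the ones queued behind it."""
    results = []
    for port in ports:
        try:
            reply = fetch_remote(port, timeout)
            results.append("ok" if reply == "ping\n" else "bad-reply")
        except socket.timeout:
            results.append("timeout")
        except OSError as exc:
            results.append(f"error:{exc.__class__.__name__}")
    return results


def demo(timeout: float = 0.5) -> Tuple[List[str], float]:
    """Run healthy, silent, healthy through the sequential server with a
    bounded timeout and report the outcomes plus wall-clock time.

    The unbounded variant (timeout=None) is deliberately not run here: with
    the silent listener in the queue it never returns, which is the DoS.
    """
    healthy = start_listener(responsive=True)
    silent = start_listener(responsive=False)
    t0 = time.monotonic()
    results = serve_sequentially([healthy, silent, healthy], timeout)
    return results, time.monotonic() - t0


if __name__ == "__main__":
    outcome, elapsed = demo()
    print(outcome, f"{elapsed:.2f}s")
```

With the bounded timeout the middle request fails in about half a second and the third request is still served; with `timeout=None` the second `recv()` never returns and nothing behind it is ever handled. When the remote access is delegated to a mount helper such as sshfs rather than a socket the server reads itself, the equivalent guards are a bounded wait on the helper process (`subprocess.run(..., timeout=...)`), a connection timeout passed through to ssh (its `ConnectTimeout` option), and, for a single-threaded server, moving the blocking call off the request-serving thread altogether.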
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aimhubio | aimhubio_aim | unspecified – latest | — |
| aimstack | aim | — | — |
| aimstack | aim | 0 – 3.25.0 | — |
OSV
osv · 2025-03-20 · CVE-2024-12777 [MEDIUM]
Aim vulnerable to Synchronous Access of Remote Resource without Timeout
GHSA
ghsa · 2025-03-20 · CVE-2024-12777 [MEDIUM] · CWE-1088
Aim vulnerable to Synchronous Access of Remote Resource without Timeout
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-03-20