Denial of Service in aimhubio/aim by Unresponsive sshfs-client
CVE-2024-12777

5.9MEDIUM

Key Information:

Vendor: Aimhubio
Status: Aimhubio/aim
Vendor: CVE Published:; 20 March 2025

Summary

A vulnerability in aimhubio/aim version 3.25.0 enables a denial of service condition through misuse of the sshfs-client. The single-threaded tracking server can become unresponsive when it tries to connect to an unresponsive socket via sshfs. The absence of a crucial timeout setting in the sshfs-client allows the server to hang excessively, obstructing it from processing other incoming requests effectively.

Affected Version(s)

aimhubio/aim <= unspecified

References

https://huntr.com/bounties/cdf8db79-c290-4fe5-9383-4c518b...

CVSS V3.0

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Dec 18, 2024