Synchronous Access of Remote Resource without Timeout

CVE-2024-8061

High

7.5/10

Summary

In aim package, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a Denial of Service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1088 - Synchronous Access of Remote Resource without Timeout

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

References

Advisory
Disclosure

Advisory Timeline

Published Mar 20, 2025

Synchronous Access of Remote Resource without Timeout

CVE-2024-8061

Summary

CWE-1088 - Synchronous Access of Remote Resource without Timeout

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS