CVEbaza.plSłownik CWECWE-1088
Common Weakness Enumeration

CWE-1088

Synchronous Access of Remote Resource without Timeout

Kategoria: BaseCVE: 5
Opis

Kod wykonuje synchroniczne wywołanie zasobu zdalnego, ale nie ma ustawionego limitu czasu dla tego wywołania lub limit czasu jest ustawiony na nieskończoność. Może to prowadzić do zawieszenia się aplikacji lub niedostępności usługi.

Description (EN)

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

Podatności CVE z CWE-1088 (5)
7.5
CVSS
HIGH
CVE-2024-8061

In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not respond to other requests while waiting. The issue arises in the client used by the `aim` tracking server to communicate with external resources, specifically in the `_run_read_instructions` method and similar calls without timeouts.

pub. 2025-03-20
7.5
CVSS
HIGH
CVE-2024-8062

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.

pub. 2025-03-20
5.9
CVSS
MEDIUM
CVE-2024-12777

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by requesting it to connect to an unresponsive socket via sshfs. The lack of an additional timeout setting in the sshfs-client causes the server to hang for a significant amount of time, preventing it from responding to other requests.

pub. 2025-03-20
4.3
CVSS
MEDIUM
CVE-2020-14483

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct.

pub. 2020-08-13
3.1
CVSS
LOW
CVE-2025-4656

Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656) has been remediated in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11, 1.17.17, and 1.16.22.

pub. 2025-06-25
Informacje
ID: CWE-1088
Typ: Base
Podatności: 5
MITRE CWE ↗
← Słownik CWE