CVE-2024-8062

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-1088
View all →

Vulnerability Description

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a `HEAD` request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controlled server that hangs, causing the application to block and become unresponsive to other requests.

Related Vulnerabilities

CVE-2024-12777

MEDIUM
CVSS:5.9(Medium)

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by request...

CWE-10882024

CVE-2024-12777

MEDIUM
CVSS:5.9(Medium)

A vulnerability in aimhubio/aim version 3.25.0 allows for a denial of service through the misuse of the sshfs-client. The tracking server, which is single-threaded, can be made unresponsive by request...

CWE-10882024

CVE-2020-14483

MEDIUM
CVSS:4.3(Medium)

A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20...

CWE-10882020