CVE-2024-2029

A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mudler/localai/commit/31a4c9c9d3abc58de2bdc5305419181c8b33eb1c
https://huntr.com/bounties/e092528a-ce3b-4e66-9b98-3f56d6b276b0
https://github.com/mudler/localai/commit/31a4c9c9d3abc58de2bdc5305419181c8b33eb1c
https://huntr.com/bounties/e092528a-ce3b-4e66-9b98-3f56d6b276b0

Configurations

No configuration.

History

21 Nov 2024, 09:08

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de inyección de comandos en el `TranscriptEndpoint` de mudler/localai, específicamente dentro de la función `audioToWav` utilizada para convertir archivos de audio al formato WAV para su transcripción. La vulnerabilidad surge debido a la falta de desinfección de los nombres de archivo proporcionados por el usuario antes de pasarlos a ffmpeg a través de un comando de shell, lo que permite a un atacante ejecutar comandos arbitrarios en el sistema host. Una explotación exitosa podría provocar acceso no autorizado, violaciones de datos u otros impactos perjudiciales, según los privilegios del proceso que ejecuta el código.
References	~~() https://github.com/mudler/localai/commit/31a4c9c9d3abc58de2bdc5305419181c8b33eb1c -~~	() https://github.com/mudler/localai/commit/31a4c9c9d3abc58de2bdc5305419181c8b33eb1c -
References	~~() https://huntr.com/bounties/e092528a-ce3b-4e66-9b98-3f56d6b276b0 -~~	() https://huntr.com/bounties/e092528a-ce3b-4e66-9b98-3f56d6b276b0 -

10 Apr 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-10 17:15

Updated : 2024-11-21 09:08

NVD link : CVE-2024-2029

Mitre link : CVE-2024-2029

CVE.ORG link : CVE-2024-2029

JSON object : View

Products Affected

No product.

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10