Date: Tue, 31 Jan 2017 11:59:11 -0500 From: Max Veytsman <max@...canary.com> To: oss-security@...ts.openwall.com Subject: CVE requests: code injection in rubygem espeak-ruby and code injection in rubygem festivaltts4r Two similar vulnerabilities in ruby text-to-speech libraries. 1) espeak-ruby Rubygem espeak-ruby passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the speak, save, bytes and bytes_wav methods in the lib/espeak/speech.rb. https://github.com/dejan/espeak-ruby/issues/7 Patched in 1.0.3 https://github.com/spejman/festivaltts4r/issues/1 2) festivaltts4r Rubygem festivaltts4r passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the to_speech and and to_mp3 methods in lib/festivaltts4r/festival4r.rb. https://github.com/spejman/festivaltts4r/issues/1 No patch Credit: Brendan Coles -- Max Veytsman Co-founder appcanary.com @mveytsman <https://twitter.com/mveytsman>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.