CVE-2024-43035
Received Received - Intake
Directory Traversal in Fonoster VoiceServer Allows Arbitrary File Read

Publication date: 2026-03-05

Last updated on: 2026-03-05

Assigner: MITRE

Description
Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-03-05
EPSS Evaluated
2026-06-15
NVD
CVE-2024-43035
EUVD
EUVD-2024-55468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
fonoster fonsoter to 0.6.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-24 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2024-43035 is a Local File Inclusion (LFI) vulnerability in Fonoster VoiceServer versions before 0.6.1. It allows an attacker to perform directory traversal attacks via the /sounds/:file or /tts/:file endpoints. This happens because the server concatenates a base directory path with user-supplied filenames without proper validation or sanitization, enabling attackers to access arbitrary files on the server by including sequences like '../' in the filename."}, {'type': 'paragraph', 'content': 'The vulnerable function, serveFiles, reads files from the filesystem based on the user input without checking if the requested path escapes the intended directory. This flaw can be exploited to read sensitive files such as system configuration or password files.'}] [2]

Impact Analysis

This vulnerability can allow an attacker to read arbitrary files on the server hosting Fonoster VoiceServer. By exploiting directory traversal, attackers can access sensitive files outside the intended directory, potentially exposing confidential information such as system files, configuration files, or credentials.

Such unauthorized file access can lead to information disclosure, which may facilitate further attacks or compromise the security of the affected system.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by attempting to access files outside the intended directory via directory traversal sequences in the URL path, specifically targeting the /sounds/:file or /tts/:file endpoints of the Fonoster VoiceServer.

A common detection method is to use a command like curl to request a sensitive file such as /etc/passwd by including directory traversal sequences (../) encoded as %2f in the URL.

Example command to test for the vulnerability:

  • curl http://localhost:3000/sounds/..%2f..%2f..%2fetc%2fpasswd

If the server responds with the contents of the file (e.g., /etc/passwd), it indicates the presence of the directory traversal vulnerability.

Mitigation Strategies

Immediate mitigation steps include implementing strict input validation and path normalization to prevent directory traversal attacks on the vulnerable endpoints.

  • Use path normalization (e.g., path.normalize()) on the combined base directory and user-supplied file path.
  • Verify that the normalized path starts with the intended base directory to ensure the requested file is within allowed boundaries.
  • Reject any requests with absolute paths or paths that escape the base directory by responding with an access denied or error status.

Until an official patch is released, users are advised to apply these mitigations manually or take down their Fonoster VoiceServer instances to avoid exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-43035. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart