CVE-2024-55587
📋 TL;DR
This vulnerability in python-libarchive allows directory traversal when extracting ZIP archives: ZipFile.extractall() and ZipFile.extract() join each entry name onto the destination directory without checking the result, so an entry whose name contains ../ sequences or is an absolute path is written outside the intended extraction directory. Any application that extracts attacker-supplied ZIP archives with these methods is affected. The outcome is arbitrary file creation (or overwrite of existing files) anywhere the extracting process can write.
💻 Affected Systems
- python-libarchive
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could overwrite critical system files, install malware, or create backdoors by extracting malicious ZIP archives to arbitrary locations on the filesystem.
Likely Case
Attackers could write files to sensitive directories, potentially leading to privilege escalation, data corruption, or persistence mechanisms.
If Mitigated
With proper input validation and sandboxing, the impact is limited to the extraction directory only.
🎯 Exploit Status
Exploitation requires only that the application extract an attacker-supplied ZIP archive: an entry whose name contains ../ sequences or starts with an absolute path is enough, and any ZIP writer that stores entry names verbatim can produce one. The vulnerability is simple to exploit and a public proof-of-concept exists in the GitHub issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2.2 or later
Vendor Advisory: https://github.com/smartfile/python-libarchive/pull/41
Restart Required: No
Instructions:
1. Upgrade python-libarchive to version 4.2.2 or later using pip: pip install --upgrade python-libarchive
2. Verify the upgrade completed successfully: pip show python-libarchive should report Version: 4.2.2 or later
3. No restart required as this is a Python library
🔧 Temporary Workarounds
Input validation wrapper
Implement custom extraction logic that validates every entry name before extraction: resolve the joined path and check that it still lies inside the destination directory, since the library itself does not.
# Python code snippet to wrap extraction
import os
from libarchive.zip import ZipFile  # zipfile-style wrapper provided by python-libarchive

def safe_extract(zip_path, target_dir):
    base = os.path.realpath(target_dir)
    with ZipFile(zip_path) as zf:
        for name in zf.namelist():
            # Resolve '..' and symlinks before comparing; a bare startswith()
            # check would also accept a sibling such as target_dir + 'side'
            member_path = os.path.realpath(os.path.join(base, name))
            if os.path.commonpath([base, member_path]) != base:
                raise ValueError('Path traversal attempt detected: %r' % name)
            zf.extract(name, base)
🧯 If You Can't Patch
- Disable automatic extraction of ZIP files from untrusted sources
- Implement strict file upload validation and sandbox extraction to isolated directories
🔍 How to Verify
Check if Vulnerable:
Check the installed python-libarchive version; anything below 4.2.2 should be treated as affected: pip show python-libarchive | grep Version
Check Version:
python -c "import libarchive; print(libarchive.__version__)"
Verify Fix Applied:
Verify version is 4.2.2 or higher: pip list | grep python-libarchive
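The workaround and the "test if the vulnerability is exploitable in your environment" step above both come down to one check: does joining an entry name onto the destination directory resolve to a path inside it? The following is an added example, not code from python-libarchive or its maintainers. It builds a ZIP with constructed entry names (benign and escaping), scans it with the same realpath/commonpath containment check a safe extractor should apply, and, only when python-libarchive is importable, extracts the crafted archive with its ZipFile.extractall() to see what lands outside the destination. The import path libarchive.zip and the extractall() signature are assumptions about the library; the scanner itself needs only the standard library.

```python
"""Added example, not code from python-libarchive or its maintainers.  It
builds a ZIP whose entry names try to escape the destination, applies the
containment check that the unchecked os.path.join(path, name) in the
vulnerable ZipFile.extract() lacks, and, only if python-libarchive happens
to be installed, probes whether its ZipFile.extractall() writes outside the
destination.  Everything else runs with the standard library alone."""
import os
import tempfile
import zipfile

# Constructed sample entry names an attacker might place in a crafted ZIP.
# Only the first two are legitimate; the rest must be flagged.
SAMPLE_ENTRIES = {
    "report/summary.txt": b"benign",
    "report/data/2024.csv": b"a,b\n1,2\n",
    "../escaped.txt": b"parent reference at the start of the name",
    "report/../../escaped2.txt": b"traversal hidden behind a real prefix",
    "/tmp/absolute.txt": b"os.path.join(base, '/abs') simply returns '/abs'",
}


def write_crafted_zip(path, entries=SAMPLE_ENTRIES):
    """Write a ZIP that stores the entry names verbatim.  The stdlib zipfile
    module only sanitizes names during extraction, not when writing, so it
    is a convenient way to produce the kind of archive this CVE is about."""
    with zipfile.ZipFile(path, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return path


def escapes_directory(target_dir, name):
    """True when joining `name` onto `target_dir` resolves outside it.

    realpath() collapses '..' and follows symlinks; commonpath() then rejects
    anything whose resolved parent is not the destination itself, which also
    defeats the sibling trick ('/out' vs '/outside') that a plain
    startswith() check falls for."""
    base = os.path.realpath(target_dir)
    # Treat backslashes as separators too, so '..\\..\\x' is judged like '../../x'.
    candidate = os.path.realpath(os.path.join(base, name.replace("\\", "/")))
    return os.path.commonpath([base, candidate]) != base


def scan_zip(zip_path, target_dir):
    """Return the entry names that would escape `target_dir`.  Suitable as an
    upload-time gate: reject the archive before any extractor touches it."""
    with zipfile.ZipFile(zip_path) as zf:
        return [n for n in zf.namelist() if escapes_directory(target_dir, n)]


def build_and_scan(entries=SAMPLE_ENTRIES):
    """Write the constructed archive into a fresh temp dir and scan it against
    a destination inside that dir; returns the flagged names."""
    workdir = tempfile.mkdtemp()
    zip_path = write_crafted_zip(os.path.join(workdir, "crafted.zip"), entries)
    return scan_zip(zip_path, os.path.join(workdir, "dest"))


def probe_python_libarchive():
    """Extract a crafted archive with python-libarchive and report what landed
    outside the destination.  Returns None when the library is not importable,
    otherwise (escaped_names, error_text).  Only relative traversal entries are
    used so a vulnerable build writes no further than the throwaway parent
    directory; still, run this on a disposable host."""
    try:
        from libarchive.zip import ZipFile  # assumed module path of the wrapper
    except ImportError:
        return None
    entries = {n: d for n, d in SAMPLE_ENTRIES.items() if not n.startswith("/")}
    parent = tempfile.mkdtemp()
    dest = os.path.join(parent, "extract")
    os.mkdir(dest)
    zip_path = write_crafted_zip(os.path.join(parent, "crafted.zip"), entries)
    error = None
    zf = ZipFile(zip_path)
    try:
        zf.extractall(dest)  # a fixed build is assumed to skip or reject escaping names
    except Exception as exc:  # report, do not mask, whatever the library raises
        error = repr(exc)
    finally:
        zf.close()
    # Anything in `parent` other than the archive and the destination got there by traversal.
    escaped = sorted(n for n in os.listdir(parent) if n not in ("extract", "crafted.zip"))
    return escaped, error


if __name__ == "__main__":
    print("flagged by scan:", build_and_scan())
    print("python-libarchive probe:", probe_python_libarchive())
```

scan_zip() is the piece to put in front of an upload handler; an archive with any flagged name should be rejected outright rather than partially extracted. probe_python_libarchive() returning a non-empty escaped list means the installed build writes outside the destination and needs the 4.2.2 upgrade.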
📡 Detection & Monitoring
Log Indicators:
- Failed extraction attempts with path traversal patterns
- Files being written outside expected extraction directories
- ZIP extraction errors in application logs
Network Indicators:
- Large number of ZIP file uploads to vulnerable endpoints
- Suspicious ZIP files whose entry names contain ../ or ..\ sequences or begin with an absolute path
SIEM Query:
source="application.log" AND "extract" AND ("../" OR "..\\") AND error
A bare "/" term would match almost every log line, so search for the parent-reference sequences themselves. Entries that escape via an absolute name contain no .. and will not match this query, so have the extraction wrapper log the rejected entry name when it refuses an archive.