uv ZIP Archive Parsing Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability in the 'uv' package manager, affecting versions through 0.9.5, allows for arbitrary code execution by exploiting how ZIP archives are parsed during package installation. This issue arises because 'uv' incorrectly handles central directory comment fields and filenames, creating inconsistencies with other Python package managers. An attacker can craft a ZIP archive that, when processed by 'uv', executes malicious code. Exploitation requires user interaction to install the compromised package.

Impact

The vulnerability allows arbitrary code execution through ZIP archives whose layout 'uv' parses differently from other ZIP extractors. This is particularly concerning for ZIP-based source distributions, since 'uv' may inadvertently execute malicious code during package installation.

Reproduction

To reproduce this vulnerability, create a ZIP archive that takes advantage of the parsing differentials in 'uv' versions through 0.9.5. This can be done by including comments in the central directory that 'uv' will misinterpret, or by crafting filenames that contain null bytes, which 'uv' will skip over while other ZIP extractors would not. Once the archive is prepared, upload it to a Python package repository or distribute it in a way that allows it to be installed using 'uv'. When the package is installed, 'uv' will execute the malicious code embedded in the ZIP archive.

Remediation

Users are advised to upgrade to 'uv' version 0.9.6 or later, which addresses the vulnerability by correctly processing ZIP comments and rejecting archives with problematic filenames. If the stricter validation causes problems with a legitimate archive after upgrading, setting the environment variable 'UV_INSECURE_NO_ZIP_VALIDATION=1' disables it, but doing so also removes the protection this release adds.
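The two parsing differentials this advisory names, an end-of-central-directory comment length that disagrees with the bytes actually trailing the record and NUL bytes inside central-directory filenames, can be checked for before an archive is handed to any installer. The checker below is an added example, not code from uv or from this advisory; it assumes nothing about uv's internals, uses only the Python standard library, and constructs its own sample archives inline.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end-of-central-directory record signature
CD_SIG = b"PK\x01\x02"     # central-directory file header signature
EOCD_FIXED = 22            # EOCD record size without its variable-length comment

def audit_zip(data: bytes) -> list[str]:
    """Return findings for ZIP layout quirks on which extractors are known to disagree."""
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or len(data) - eocd < EOCD_FIXED:
        return ["no end-of-central-directory record found"]
    _, _, _, total, cd_size, cd_offset, comment_len = struct.unpack_from(
        "<HHHHIIH", data, eocd + 4)
    # The comment must exactly fill the bytes after the fixed record; on a mismatch one
    # extractor may trust the length field while another trusts the end of the file.
    trailing = len(data) - (eocd + EOCD_FIXED)
    if comment_len != trailing:
        findings.append(f"EOCD comment length {comment_len} != {trailing} trailing bytes")
    if cd_offset + cd_size > eocd:
        return findings + ["central directory overlaps the EOCD record"]
    pos, seen = cd_offset, 0
    while pos < cd_offset + cd_size:
        if data[pos:pos + 4] != CD_SIG:
            return findings + [f"bad central-directory signature at offset {pos}"]
        name_len, extra_len, fc_len = struct.unpack_from("<HHH", data, pos + 28)
        name = data[pos + 46:pos + 46 + name_len]
        if b"\x00" in name:  # a NUL lets one parser truncate a name another reads whole
            findings.append(f"entry {seen}: NUL byte in filename {name!r}")
        text = name.decode("utf-8", "replace")
        if text.startswith(("/", "\\")) or ".." in text.replace("\\", "/").split("/"):
            findings.append(f"entry {seen}: unsafe path {text!r}")
        seen += 1
        pos += 46 + name_len + extra_len + fc_len
    if seen != total:
        findings.append(f"EOCD claims {total} entries, central directory holds {seen}")
    return findings


def build_sample(names: list[str], comment: bytes = b"") -> bytes:
    """Constructed fixture: a well-formed archive with one small member per name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, "sample content\n")
        zf.comment = comment
    return buf.getvalue()
```

A clean archive with a proper comment audits to an empty list; bytes appended after the EOCD record or a NUL byte patched into a member name each produce a finding, which is the condition a pre-install gate should reject on.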

Added: Feb 27, 2026, 8:25 AM
Updated: Feb 27, 2026, 2:31 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact         10.0
exploitability  3.9
remediation     0.0
relevance       3.3
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.