zip Library for Rust Symbolic Link Vulnerability Allowing Arbitrary File Overwrite
Vulnerability
A vulnerability exists in the zip library for Rust, specifically in versions 1.3.0 through 2.2.2, that allows symbolic links in ZIP archives to overwrite arbitrary files on the filesystem during extraction. This issue arises because the extraction process does not properly validate the final path of symbolic links, enabling crafted archives to exploit this oversight. Users who extract untrusted ZIP files using the 'zip::read::ZipArchive::extract' or 'zip::unstable::stream::ZipStreamReader::extract' methods may inadvertently overwrite critical files with arbitrary permissions, potentially leading to unauthorized code execution.
Impact
Exploitation of this vulnerability can result in the overwriting of important system files with arbitrary content and permissions, and could potentially allow unauthorized code execution.
Reproduction
The vulnerability can be reproduced by creating a ZIP file that includes a symbolic link pointing to a file outside the intended extraction directory. When this ZIP file is extracted using the vulnerable 'zip' library versions, the symbolic link can be followed to overwrite files in the filesystem.
Remediation
Users can upgrade to 'zip' version 2.3.0 or later, where this vulnerability has been fixed.
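The mechanism described above (a symlink entry whose target is written without validating where it finally points) and the fix (validating that final path) can be illustrated with a small pre-extraction check. The code below is an added example written for this page; it is not the zip crate's code and uses only the Rust standard library. `Entry`, `final_path` and `escaping_entries` are hypothetical names, the `Entry` struct is a constructed model of an archive listing rather than the crate's API, and the listing in `main` is made up.

```rust
use std::path::{Component, Path, PathBuf};

/// Lexically normalise a path that is meant to live under an extraction root,
/// resolving `.` and `..` without consulting the filesystem. Returns None when
/// the path is absolute (RootDir or a Windows prefix) or a `..` would climb
/// above the root. This is the "final path" validation that the affected
/// versions skipped for symlink targets.
fn normalize_under_root(path: &Path) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for comp in path.components() {
        match comp {
            Component::Prefix(_) | Component::RootDir => return None,
            Component::CurDir => {}
            Component::ParentDir => {
                // pop() returns false when nothing is left to pop, i.e. this
                // `..` would leave the root.
                if !out.pop() {
                    return None;
                }
            }
            Component::Normal(seg) => out.push(seg),
        }
    }
    Some(out)
}

/// Constructed model of one archive entry (hypothetical type, not the zip
/// crate's). `symlink_target` is Some for entries the archive marks as
/// symlinks (unix file type 0o120000 in the external attributes); for those
/// the entry's data is the link target string.
pub struct Entry<'a> {
    pub name: &'a str,
    pub symlink_target: Option<&'a str>,
}

/// Compute the path that extracting `entry` under `root` would actually touch:
/// the file itself for a regular entry, or the resolved link target for a
/// symlink. Returns None if either the entry name or the link target would
/// land outside `root`, in which case the caller should refuse the entry.
pub fn final_path(root: &Path, entry: &Entry) -> Option<PathBuf> {
    let rel_name = normalize_under_root(Path::new(entry.name))?;
    if rel_name.as_os_str().is_empty() {
        return None; // "", "." or "a/.." would name the root itself
    }
    let target = match entry.symlink_target {
        None => return Some(root.join(rel_name)),
        Some(t) => t,
    };
    // A relative link target is resolved from the directory containing the
    // link. An absolute target makes join() discard the parent, and is then
    // rejected by normalize_under_root.
    let parent = rel_name.parent().unwrap_or(Path::new(""));
    let resolved = normalize_under_root(&parent.join(target))?;
    Some(root.join(resolved))
}

/// Pre-scan helper: names of every entry that would escape `root`. Run it over
/// the whole listing before extracting anything, so a malicious symlink is
/// rejected rather than written to disk and followed by a later entry.
pub fn escaping_entries<'a>(root: &Path, entries: &[Entry<'a>]) -> Vec<&'a str> {
    entries
        .iter()
        .filter(|e| final_path(root, e).is_none())
        .map(|e| e.name)
        .collect()
}

fn main() {
    let root = Path::new("/srv/extract");
    // Constructed listing resembling a crafted archive; not a real sample.
    let listing = [
        Entry { name: "docs/readme.txt", symlink_target: None },
        Entry { name: "docs/latest", symlink_target: Some("../data/config") },
        Entry { name: "passwd", symlink_target: Some("/etc/passwd") },
        Entry { name: "docs/up", symlink_target: Some("../../outside") },
        Entry { name: "../evil.txt", symlink_target: None },
    ];
    for e in &listing {
        match final_path(root, e) {
            Some(p) => println!("ok      {:<16} -> {}", e.name, p.display()),
            None => println!("REJECT  {:<16}", e.name),
        }
    }
    let bad = escaping_entries(root, &listing);
    println!("{} entries would escape the root: {:?}", bad.len(), bad);
}
```

The check is purely lexical, so it is only sufficient when every symlink in the archive is validated (which `escaping_entries` does) and the extraction root is a fresh, empty directory; symlinks that already exist on disk under the root are outside what an archive-level check can see. Upgrading to 'zip' 2.3.0 or later remains the actual remediation; a pre-scan like this is a defence-in-depth measure for code that must keep handling untrusted archives.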