uv Python Package ZIP Parsing Differential Vulnerability Allowing Malicious Payload Injection

Vulnerability

A vulnerability exists in the 'uv' Python package and project manager, in versions through 0.8.5. Remote ZIP archives were processed in a streaming fashion, entry by entry, without reconciling the local file records against the archive's central directory. As a result, an attacker could craft a ZIP archive whose extracted contents differ depending on which package installer reads it, potentially leading to the execution of malicious code. This is particularly concerning for 'uv' users, because it could be exploited by uploading a crafted package to a third-party package index and having it installed with 'uv'.

Impact

Exploitation of this vulnerability could allow an attacker to inject and execute malicious payloads through ZIP archives, taking advantage of the parsing differentials between 'uv' and other Python package installers that use the standard 'zipfile' module. This could lead to unauthorized code execution, especially if the malicious ZIP is distributed via a package index and installed with 'uv'.

Reproduction

The vulnerability can be reproduced by creating a ZIP file that exploits the parsing differential between 'uv' and other Python package installers. This can be done by including multiple local file entries with different contents or by stacking internal ZIPs in a way that confuses the installer. Once the crafted ZIP is uploaded to a package index, it can be installed using 'uv', which will trigger the vulnerability.

Remediation

Users are advised to upgrade to 'uv' version 0.8.6 or later, which addresses the vulnerability by implementing proper ZIP validation and reconciliation with the central directory. Users who encounter issues after upgrading can set the 'UV_INSECURE_NO_ZIP_VALIDATION' environment variable to revert to the previous ZIP handling behavior.
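The reconciliation described in the remediation, as an added Python example (not uv's own code): it walks the local file records from the start of the archive and requires each one to line up with the central-directory entry that references it, flagging unreferenced bytes, name mismatches and CRC/size mismatches, so a streaming reader and a central-directory reader cannot disagree. It assumes plain (non-zip64) archives; `build_sample` constructs a benign test package used as input.

```python
import io
import struct
import zipfile

LOCAL_SIG, DESC_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x07\x08", b"PK\x05\x06"
LOCAL_FMT = "<4s5H3L2H"  # 30-byte local file header


def validate_zip(data: bytes) -> list[str]:
    """Walk local file records front-to-back and reconcile each with the
    central directory; an empty result means a streaming reader and a
    central-directory reader (e.g. zipfile) see the same entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # central-directory view
        entries = sorted(zf.infolist(), key=lambda i: i.header_offset)
    pos = 0
    for info in entries:
        if info.header_offset != pos:  # bytes no central entry points at
            findings.append(f"unreferenced bytes at {pos}..{info.header_offset}")
            pos = info.header_offset
        if data[pos:pos + 4] != LOCAL_SIG:
            findings.append(f"no local header at {pos} for {info.filename!r}")
            return findings
        _, _, flags, _, _, _, crc, csize, _, nlen, elen = struct.unpack_from(LOCAL_FMT, data, pos)
        name = data[pos + 30:pos + 30 + nlen].decode("utf-8" if flags & 0x800 else "cp437", "replace")
        if name != info.filename:
            findings.append(f"name mismatch at {pos}: {name!r} vs {info.filename!r}")
        if not flags & 0x8 and (crc, csize) != (info.CRC, info.compress_size):
            findings.append(f"CRC/size mismatch for {info.filename!r}")
        pos += 30 + nlen + elen + info.compress_size
        if flags & 0x8:  # sizes live in a trailing data descriptor
            pos += 16 if data[pos:pos + 4] == DESC_SIG else 12
    # The central directory really starts size_cd bytes before the EOCD record.
    eocd = data.rfind(EOCD_SIG)
    cd_start = eocd - struct.unpack_from("<L", data, eocd + 12)[0]
    if pos != cd_start:
        findings.append(f"{cd_start - pos} unreferenced bytes before central directory")
    return findings


def build_sample() -> bytes:
    """Constructed benign test archive (not a real package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("pkg/__init__.py", "VERSION = '1.0'\n")
        zf.writestr("pkg/core.py", "def run():\n    return 'ok'\n")
    return buf.getvalue()
```

A clean archive yields no findings, while the same archive with bytes prepended (which `zipfile` silently tolerates by shifting offsets) is reported as carrying unreferenced data.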

Added: Aug 8, 2025, 12:20 AM
Updated: Aug 8, 2025, 12:20 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.