DataDog GuardDog
cpe:2.3:a:datadoghq:guarddog:*:*:*:*:python:*:*
- Affected versions: <= 2.7.0
A denial-of-service vulnerability has been identified in GuardDog, a CLI tool for detecting malicious PyPI packages, in versions prior to 2.7.1. The issue arises in the safe_extract() function, which extracts ZIP archives (wheels, eggs) without validating decompressed file sizes. This oversight enables attackers to create zip bombs that consume excessive disk space, potentially leading to resource exhaustion. A malicious package can cause gigabytes of disk usage from just a few megabytes of compressed data.
Exploitation of this vulnerability can disrupt CI/CD pipelines by filling up disk space, particularly in environments like GitHub Actions that have limited storage. It can also exhaust resources in local development, security scanning infrastructures, or Docker containers with restricted disk availability. Additionally, this vulnerability could amplify the effects of a supply chain attack by blocking security scans and delaying the detection of other malicious packages.
The vulnerability can be reproduced by uploading a malicious PyPI package that contains a zip bomb—a ZIP file designed to expand into a large amount of data, consuming significant disk space. Once the package is published, it can be added to a project's requirements.txt file. When the project is built or deployed, the GuardDog tool scans for malicious packages but fails to detect the zip bomb, allowing the extraction process to fill up the available disk space.
Users can update to GuardDog version 2.7.1, which addresses the vulnerability by adding decompressed size validation and compression ratio checks for ZIP files, similar to the existing protections for TAR files.
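As an added illustration of the kind of check the fix describes (this is not GuardDog's own safe_extract() code): the archive's declared sizes are validated from central-directory metadata before anything is written, and a hard byte budget is kept while streaming because those declared values are themselves attacker-controlled. The limits MAX_UNCOMPRESSED_BYTES and MAX_COMPRESSION_RATIO, and the build_zip sample archive, are hypothetical.

```python
import io
import os
import zipfile

MAX_UNCOMPRESSED_BYTES = 1024 ** 3  # hypothetical 1 GiB limit, not GuardDog's value
MAX_COMPRESSION_RATIO = 100         # hypothetical uncompressed:compressed bound


class UnsafeArchiveError(Exception):
    """Archive exceeds the decompressed-size or compression-ratio bound."""


def check_zip_limits(data, max_bytes=MAX_UNCOMPRESSED_BYTES, max_ratio=MAX_COMPRESSION_RATIO):
    """Check central-directory metadata only; returns (uncompressed, compressed) totals."""
    total_out = total_in = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            total_out += info.file_size
            total_in += info.compress_size
            if total_out > max_bytes:
                raise UnsafeArchiveError(f"declared size {total_out} exceeds {max_bytes} bytes")
    if total_in and total_out / total_in > max_ratio:
        raise UnsafeArchiveError(f"ratio {total_out // total_in}:1 exceeds {max_ratio}:1")
    return total_out, total_in


def safe_extract_zip(data, dest, max_bytes=MAX_UNCOMPRESSED_BYTES, max_ratio=MAX_COMPRESSION_RATIO):
    """Extract after the metadata check, counting bytes actually written so that
    forged central-directory sizes cannot bypass the budget."""
    check_zip_limits(data, max_bytes, max_ratio)
    written = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                while chunk := src.read(64 * 1024):
                    written += len(chunk)
                    if written > max_bytes:
                        raise UnsafeArchiveError("extraction exceeded byte budget")
                    dst.write(chunk)
    return written


def build_zip(members):
    """Constructed sample archive (deflate) used only for this demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()
```

A 10 MiB member of zero bytes deflates to roughly 10 KB, so it trips the ratio check while a small wheel-like archive passes.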