Malcontent Nested Archive Handling Vulnerability Allowing Potential Retention of Malicious Content
Vulnerability
In Malcontent versions prior to 1.21.0, a nested archive that fails to extract is deleted rather than retained, so any malicious content inside it can be discarded unscanned. The issue arises because the software removes these problematic archives instead of keeping them for a thorough scan. The vulnerability has been addressed in version 1.21.0.
Impact
The vulnerability could lead to a supply-chain compromise by allowing malicious content within nested archives to be overlooked and deleted during the scanning process.
Reproduction
To reproduce, use a version of Malcontent prior to 1.21.0 to scan an archive that contains a nested file which is valid gzip but whose decompressed content is not a valid tar stream. When Malcontent encounters this nested archive, extraction fails and the file is removed instead of being retained for scanning. This behavior can be verified by inspecting the extraction directory, where the nested archive file will be absent.
Remediation
Users can upgrade to Malcontent version 1.21.0 or later, where this vulnerability has been fixed.
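The following Go program is an added illustration of both the reproduction case and the fix described above; it is constructed example code, not Malcontent's own source, and the function names, the Result type and the deleteOnFailure flag are assumptions. It builds a nested file that is valid gzip but not valid tar, attempts extraction, and contrasts a handler that deletes the file on failure with one that retains it for scanning and surfaces the error.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// BuildBadTarGz is a constructed sample matching the advisory's reproduction
// case: valid gzip framing around a payload that is not a tar stream. It spans
// more than one 512-byte tar block, so the tar reader sees a complete but invalid header.
func BuildBadTarGz() []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	_, _ = zw.Write(bytes.Repeat([]byte("not a tar stream. "), 64))
	_ = zw.Close()
	return buf.Bytes()
}

// extractTarGz unpacks src into dest and returns the regular files it wrote. A
// malformed gzip or tar layer is an error; entries that would escape dest are rejected.
func extractTarGz(src, dest string) ([]string, error) {
	f, err := os.Open(src)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	zr, err := gzip.NewReader(f)
	if err != nil {
		return nil, fmt.Errorf("gzip layer: %w", err)
	}
	defer zr.Close()
	tr := tar.NewReader(zr)
	var written []string
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		}
		if err != nil {
			return written, fmt.Errorf("tar layer: %w", err)
		}
		target := filepath.Join(dest, hdr.Name)
		if !strings.HasPrefix(target, filepath.Clean(dest)+string(os.PathSeparator)) {
			return written, fmt.Errorf("entry %q escapes %s", hdr.Name, dest)
		}
		if hdr.Typeflag != tar.TypeReg {
			continue // only regular files matter for this demonstration
		}
		if err := os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		data, err := io.ReadAll(tr)
		if err == nil {
			err = os.WriteFile(target, data, 0o600)
		}
		if err != nil {
			return written, err
		}
		written = append(written, target)
	}
}

// Result records what the scanner still has after handling one nested archive.
type Result struct {
	ToScan  []string // files on disk that must still be scanned
	Dropped []string // files removed without ever being scanned
	Warning error    // extraction failure surfaced to the operator, if any
}

// HandleNestedArchive is a hypothetical scanner step, not Malcontent's own code.
// deleteOnFailure=true models the pre-1.21.0 behaviour: an archive that fails to
// extract is deleted and silently vanishes from the scan. deleteOnFailure=false
// models the fix: the file is kept, queued for scanning as-is, and the failure reported.
func HandleNestedArchive(path, extractDir string, deleteOnFailure bool) Result {
	files, err := extractTarGz(path, extractDir)
	if err == nil {
		return Result{ToScan: files}
	}
	if deleteOnFailure {
		_ = os.Remove(path)
		return Result{Dropped: []string{path}}
	}
	return Result{ToScan: []string{path}, Warning: err}
}

func main() {
	dir, _ := os.MkdirTemp("", "nested-demo")
	defer os.RemoveAll(dir)
	sample := filepath.Join(dir, "inner.tar.gz") // constructed input
	_ = os.WriteFile(sample, BuildBadTarGz(), 0o600)
	r := HandleNestedArchive(sample, filepath.Join(dir, "out"), false)
	fmt.Printf("retained for scanning: %v (warning: %v)\n", r.ToScan, r.Warning)
}
```

With the retain-on-failure policy the original path comes back in ToScan together with the extraction error, so the scanner still examines the bytes it could not unpack and an operator sees why extraction failed. With the delete-on-failure policy the file is gone, ToScan is empty and no error is raised, which is the silent gap the advisory describes; checking the extraction directory afterwards, as the reproduction section suggests, distinguishes the two.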
