Preventing ZIP parser confusion attacks on Python package installers

The Python Package Index is introducing new restrictions to protect Python package installers and inspectors from confusion attacks arising from differences between ZIP parser implementations. This has been done in response to the discovery that the popular installer uv extracts archives differently from many Python-based installers that use the ZIP parser implementation provided by the zipfile standard library module.

Summary

ZIP archives constructed to exploit ZIP confusion attacks are now rejected by PyPI.

There is no evidence that this vulnerability has been exploited using PyPI.

PyPI is deprecating wheel distributions with incorrect RECORD files.

Please see this blog post and CVE-2025-54368 for more information on uv's patch.

Wheels are ZIPs, and ZIPs are complicated

Python package "wheels" (or "binary distributions") are, like many other file formats, actually ZIPs in disguise. The ZIP archive standard was created in 1989, when large archives might need to be stored across multiple distinct storage units due to size constraints. This requirement influenced the design of the ZIP archive standard, for example by making it possible to update or delete already-archived files by appending new records to the end of a ZIP instead of rewriting the entire ZIP from scratch, which might be on another disk.

These design considerations meant that the ZIP standard is complicated to implement, and in many ways is ambiguous in what the "result" of extracting a valid ZIP file should be.
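
To make that ambiguity concrete, here is an added example (not code from PyPI or uv) of a pre-extraction check that flags archives where parsers reading the central directory and parsers reading local file headers could disagree. The function names, the finding strings and the sample archive are assumptions made for this illustration; PyPI's actual checks may differ.

```python
import io
import struct
import warnings
import zipfile
from collections import Counter

LOCAL_SIG = b"PK\x03\x04"  # local file header signature

def find_ambiguities(data: bytes) -> list:
    """List reasons two ZIP parsers could disagree about this archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()  # entries as the central directory lists them
    # 1. A name listed twice: "first wins" and "last wins" extractors differ.
    for name, count in Counter(i.filename for i in infos).items():
        if count > 1:
            findings.append(f"duplicate entry: {name}")
    # 2. The name in each local header must match the central directory.
    for info in infos:
        off = info.header_offset
        if data[off:off + 4] != LOCAL_SIG:
            findings.append(f"missing local header: {info.filename}")
            continue
        (name_len,) = struct.unpack_from("<H", data, off + 26)
        local_name = data[off + 30:off + 30 + name_len]
        encoding = "utf-8" if info.flag_bits & 0x800 else "cp437"
        if local_name != info.orig_filename.encode(encoding):
            findings.append(f"local/central name mismatch: {info.filename}")
    # 3. Heuristic: more local headers than listed entries means a parser
    #    that scans from the start would see files the directory omits.
    #    (Stored nested ZIPs can trigger this too.)
    if data.count(LOCAL_SIG) > len(infos):
        findings.append("local headers not listed in central directory")
    return findings

def build_sample(duplicate: bool) -> bytes:
    """Constructed sample archive for the demo, built in memory."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", UserWarning)  # zipfile warns on dupes
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("pkg/__init__.py", "x = 1\n")
            if duplicate:
                zf.writestr("pkg/__init__.py", "x = 2\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(find_ambiguities(build_sample(duplicate=False)))
    print(find_ambiguities(build_sample(duplicate=True)))
```

An empty list means the central directory and the local headers tell the same story; any finding is a reason to reject the archive rather than guess which parser's view is the intended one.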
