CVE-2021-32842: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in icsharpcode sharpziplib

Medium
Published: Wed Jan 26 2022 (01/26/2022, 21:10:10 UTC)
Source: CVE
Vendor/Project: icsharpcode
Product: sharpziplib

Description

SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starting version 1.0.0 and prior to version 1.3.3, a check was added if the destination file is under a destination directory. However, it is not enforced that `_baseDirectory` ends with slash. If the `_baseDirectory` is not slash terminated like `/home/user/dir` it is possible to create a file with a name that begins as the destination directory one level up from the directory, i.e. `/home/user/dir.sh`. Because of the file name and destination directory constraints, the arbitrary file creation impact is limited and depends on the use case. Version 1.3.3 fixed this vulnerability.

AI-Powered Analysis

Last updated: 06/22/2025, 04:35:41 UTC

Technical Analysis

CVE-2021-32842 is a path traversal vulnerability identified in the icsharpcode SharpZipLib library, a widely used open-source compression library supporting Zip, GZip, Tar, and BZip2 formats. The vulnerability affects versions starting from 1.0.0 up to, but not including, 1.3.3. The root cause lies in improper validation of the destination directory path when extracting archive contents. Specifically, the library added a check to ensure that extracted files reside within a specified destination directory. However, this check did not enforce that the base directory path ends with a trailing slash, so it was a plain string-prefix comparison against the base directory as supplied. Without this enforcement, an attacker can craft archive entries whose resolved paths begin with the destination directory string but actually lie outside it. For example, if the base directory is set to "/home/user/dir" (without trailing slash), a file named "dir.sh" could be created at "/home/user/dir.sh", which shares the prefix "/home/user/dir" and therefore passes the check while escaping the intended extraction directory. This improper limitation of a pathname to a restricted directory (CWE-22) can lead to arbitrary file creation outside the intended directory. The impact of this vulnerability depends heavily on the context in which SharpZipLib is used, including what files are extracted and the privileges of the process performing extraction. The vulnerability was fixed in version 1.3.3 by enforcing the trailing slash requirement on the base directory path, thereby preventing directory traversal via crafted filenames. There are no known exploits in the wild reported to date. The vulnerability is classified as medium severity due to its limited impact scope and dependency on specific use cases and configurations.

Potential Impact

For European organizations, the impact of CVE-2021-32842 can vary based on how SharpZipLib is integrated into their software stack. Organizations using applications or services that rely on vulnerable versions of SharpZipLib for decompressing user-supplied archives may be at risk of arbitrary file creation outside the intended extraction directory. This can lead to overwriting or creating files in sensitive locations, potentially enabling code execution, privilege escalation, or disruption of service if critical system or application files are affected. The confidentiality, integrity, and availability of systems could be compromised if attackers leverage this vulnerability to place malicious payloads or disrupt normal operations. However, the actual risk is mitigated if the extraction process runs with limited privileges or in sandboxed environments. European enterprises in sectors such as software development, cloud services, and any industry relying on .NET or Mono-based applications (where SharpZipLib is commonly used) should be particularly vigilant. The absence of known exploits suggests a lower immediate threat, but the potential for targeted attacks remains, especially in environments where untrusted archives are processed automatically.

Mitigation Recommendations

1. Upgrade to SharpZipLib version 1.3.3 or later, where the vulnerability is fixed by enforcing trailing slash checks on base directories.
2. Implement strict input validation and sanitization on archive files before extraction, including verifying filenames for path traversal patterns.
3. Run extraction processes with the least privilege necessary, ideally in isolated or sandboxed environments to limit the impact of any arbitrary file creation.
4. Use application-level controls to restrict archive extraction to trusted sources only.
5. Monitor file system changes in directories used for extraction to detect unexpected file creations or modifications.
6. For developers, explicitly ensure that base directory paths used in extraction routines are normalized and end with a trailing slash to prevent traversal.
7. Incorporate security testing and code reviews focusing on archive handling components to detect similar path traversal issues.
8. If upgrading is not immediately feasible, consider patching or applying custom validation logic to enforce directory constraints robustly.
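The prefix-comparison flaw described in the Technical Analysis and the trailing-slash fix in recommendation 6, as an added Python illustration; this is not SharpZipLib's code, and the base directory and entry names are constructed samples:

```python
import posixpath

# Constructed sample data (not from the advisory): an extraction directory
# supplied without a trailing slash, plus archive entry names to audit.
BASE_DIR = "/home/user/dir"
SAMPLE_ENTRIES = [
    "sub/file.txt",        # legitimate entry inside the directory
    "../dir.sh",           # resolves to /home/user/dir.sh, a sibling of BASE_DIR
    "../../etc/passwd",    # classic traversal, resolves well outside the base
    "/etc/passwd",         # absolute entry name, ignores the base entirely
]


def resolve_entry(base_dir: str, entry_name: str) -> str:
    """Resolve an entry name against the extraction directory.

    normpath collapses '..' segments, so both checks below compare the path
    that would actually be written rather than the raw entry name.
    """
    return posixpath.normpath(posixpath.join(base_dir, entry_name))


def is_inside_flawed(base_dir: str, entry_name: str) -> bool:
    """Prefix check in the style the advisory describes for 1.0.0 <= v < 1.3.3:
    the resolved path is compared against the base directory exactly as given,
    with no guarantee that the base ends in a separator."""
    return resolve_entry(base_dir, entry_name).startswith(base_dir)


def is_inside_fixed(base_dir: str, entry_name: str) -> bool:
    """Hardened check: normalise the base and force one trailing separator, so
    a sibling such as /home/user/dir.sh no longer shares the prefix."""
    base = posixpath.normpath(base_dir).rstrip("/") + "/"
    return resolve_entry(base_dir, entry_name).startswith(base)


def audit_entries(base_dir: str, entry_names: list) -> list:
    """Return (entry, accepted_by_flawed_check, accepted_by_fixed_check) tuples."""
    return [
        (name, is_inside_flawed(base_dir, name), is_inside_fixed(base_dir, name))
        for name in entry_names
    ]


if __name__ == "__main__":
    for name, flawed, fixed in audit_entries(BASE_DIR, SAMPLE_ENTRIES):
        print(f"{name:20} flawed_check={flawed!s:5} fixed_check={fixed}")
```

Only the `../dir.sh` entry separates the two checks: it passes the flawed prefix test and is rejected once the base carries its trailing separator.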

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2021-05-12T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9848c4522896dcbf60cb

Added to database: 5/21/2025, 9:09:28 AM

Last enriched: 6/22/2025, 4:35:41 AM

Last updated: 8/1/2025, 6:42:22 PM
