CVE-2024-55587: n/a
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.
AI Analysis
Technical Summary
CVE-2024-55587 is a directory traversal vulnerability found in the python-libarchive library, specifically affecting versions up to 4.2.1. The flaw exists in the zip.py module's ZipFile.extractall and ZipFile.extract methods, which do not properly sanitize file paths during extraction of ZIP archives. This improper validation allows an attacker to craft malicious ZIP files containing file paths with directory traversal sequences (e.g., '../') that cause files to be written outside the intended extraction directory. Exploitation requires only low privileges (PR:L) and no user interaction (UI:N), with the attack vector being network-based (AV:N), meaning an attacker can remotely trigger the vulnerability by supplying a malicious archive to a vulnerable system. The vulnerability impacts confidentiality, integrity, and availability (C:H/I:H/A:H) because arbitrary files can be overwritten or created, potentially leading to code execution, data corruption, or denial of service. The vulnerability is classified under CWE-22, which covers improper limitation of pathname to a restricted directory. Although no exploits are currently known in the wild, the high CVSS score of 8.8 reflects the serious risk posed by this vulnerability. No official patches or fixes are listed yet, so mitigation strategies must be applied proactively. This vulnerability is particularly critical for environments that automatically extract ZIP files from untrusted sources, such as web applications, CI/CD pipelines, or cloud services using python-libarchive.
Potential Impact
The impact of CVE-2024-55587 is significant for organizations worldwide that use python-libarchive for ZIP file extraction. Successful exploitation can lead to arbitrary file creation or overwriting outside the intended directory, enabling attackers to place malicious executables, overwrite configuration files, or manipulate critical system files. This can result in full system compromise, data breaches, service disruption, or persistent backdoors. Automated systems that process ZIP files without validation are especially at risk. The vulnerability affects confidentiality by exposing or altering sensitive data, integrity by allowing unauthorized file modifications, and availability by potentially causing system crashes or denial of service. Given the ease of exploitation (no user interaction, network vector, low privileges), attackers can leverage this flaw to escalate privileges or move laterally within networks. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation due to the vulnerability's severity and exploitability.
Mitigation Recommendations
1. Immediately audit all systems and applications that use python-libarchive for ZIP extraction to identify vulnerable versions (up to 4.2.1).
2. Apply patches or updates from the python-libarchive maintainers as soon as they become available.
3. Implement strict input validation and sanitization on all ZIP files before extraction, rejecting archives containing directory traversal sequences or absolute paths.
4. Use sandboxed or isolated environments for extracting untrusted ZIP files to limit potential damage.
5. Employ file system permissions and access controls to restrict write access to critical directories and files.
6. Monitor logs and file system changes for suspicious activity related to ZIP extraction processes.
7. Consider using alternative, secure libraries for ZIP extraction that have been audited for path traversal vulnerabilities.
8. Educate developers and system administrators about the risks of directory traversal in archive extraction and enforce secure coding practices.
9. If patching is delayed, implement runtime detection mechanisms to block or alert on extraction attempts with suspicious file paths.
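Recommendation 3 (reject archives whose entry names carry traversal sequences or absolute paths) as an added example, not code from python-libarchive or from this record. It uses the standard library's zipfile module as a stand-in for the vulnerable ZipFile class (python-libarchive's own API is not reproduced here, an assumption), and runs the check over two constructed in-memory archives. The stdlib already sanitizes names at extraction time; the point is the explicit entry-name check that runs before any bytes are written, plus a realpath containment check on each destination as defence in depth.

```python
"""Pre-extraction validation of ZIP entry names (added defensive example)."""
import io
import os
import posixpath
import tempfile
import zipfile


def entry_is_safe(name: str) -> bool:
    """Return True only if `name` cannot resolve outside the extraction root.

    Rejects empty names, POSIX or Windows absolute paths, drive letters,
    backslash separators and any remaining '..' component after normalisation.
    """
    if not name or name.startswith(("/", "\\")):
        return False
    if "\\" in name:                      # ambiguous separator, refuse it
        return False
    if len(name) > 1 and name[1] == ":":  # drive-letter prefix such as C:
        return False
    parts = posixpath.normpath(name).split("/")
    return ".." not in parts


def find_unsafe_entries(zip_bytes: bytes) -> list[str]:
    """List member names that fail entry_is_safe(), without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not entry_is_safe(n)]


def safe_extractall(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract only if every entry passes; returns the relative paths written.

    The whole archive is vetted first, so a single bad entry rejects the
    archive rather than extracting a partial set of files.
    """
    bad = find_unsafe_entries(zip_bytes)
    if bad:
        raise ValueError(f"refusing to extract, unsafe entries: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            # Defence in depth: the resolved destination must stay under root.
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"path escapes root: {info.filename}")
            zf.extract(info, root)
            written.append(os.path.relpath(target, root).replace(os.sep, "/"))
    return written


def extract_to_tempdir(zip_bytes: bytes) -> list[str]:
    """Convenience wrapper: extract into a fresh temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        return sorted(safe_extractall(zip_bytes, tmp))


def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from name -> content (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a benign archive and one carrying traversal names.
BENIGN_ZIP = build_sample_zip({
    "docs/readme.txt": b"hello\n",
    "bin/run.sh": b"#!/bin/sh\necho ok\n",
})
TRAVERSAL_ZIP = build_sample_zip({
    "docs/readme.txt": b"hello\n",
    "../../outside.txt": b"escaped\n",
    "/abs/outside.txt": b"escaped\n",
})

if __name__ == "__main__":
    print("benign unsafe entries:", find_unsafe_entries(BENIGN_ZIP))
    print("traversal unsafe entries:", find_unsafe_entries(TRAVERSAL_ZIP))
    print("extracted:", extract_to_tempdir(BENIGN_ZIP))
```

The check is deliberately an allow-list on the normalised name rather than a search for the literal string `../`: `a/../b` is accepted because it normalises to `b`, while `a/../../b` is rejected because a `..` survives normalisation. Logging the rejected names from `find_unsafe_entries` gives the alerting signal that recommendation 9 asks for.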
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, India, Canada, Australia, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-12-09T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6bd2b7ef31ef0b55b2f8
Added to database: 2/25/2026, 9:38:26 PM
Last enriched: 2/26/2026, 2:09:23 AM
Last updated: 4/12/2026, 3:45:22 PM