GHSA-6C8G-7P36-R338

Vulnerability from github – Published: 2026-05-08 23:50 – Updated: 2026-05-08 23:50
VLAI
Summary
SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)
Details

Summary

A path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process.

Details

The vulnerable code is in the directory-entry branch of WriteToDirectoryInternal (sync, IArchiveExtensions.cs:48–61) and WriteToDirectoryAsyncInternal (async, IAsyncArchiveExtensions.cs:70–84):

var dirPath = Path.Combine(destinationDirectory, entry.Key);
Directory.CreateDirectory(Path.GetDirectoryName(dirPath + "/"));

No Path.GetFullPath() normalisation and no bounds check are applied before the Directory.CreateDirectory call. Two .NET Path.Combine behaviours make this exploitable:

  • Relative traversal: Path.Combine("/safe/extract", "../../evil") → the OS resolves .. segments on the raw path, placing the directory outside the extraction root.
  • Absolute path override: Path.Combine("/safe/extract", "/tmp/evil") → returns "/tmp/evil" — the base is discarded entirely for rooted paths.

File entries are not directly affected — they route through ExtractionMethods.WriteEntryToDirectory which applies the correct guard (GetFullPath + StartsWith, see ExtractionMethods.cs:54–65). The directory-entry branch is a separate fast-path that was added without that guard.

Affected archive formats: ZIP and TAR (non-solid). Solid archives and 7-Zip use the reader path which calls the secure method.

Escalation to arbitrary file writes (TAR only)

Path.GetFullPath on .NET does not resolve symlinks — it only normalises . and .. segments. This means the file-entry guard in ExtractionMethods.WriteEntryToDirectory can be bypassed via symlink chaining in TAR archives when the caller supplies a SymbolicLinkHandler:

archive.WriteToDirectory("/safe/extract", new ExtractionOptions
{
    ExtractFullPath = true,
    SymbolicLinkHandler = (linkPath, linkTarget) =>
        File.CreateSymbolicLink(linkPath, linkTarget)  // naive — no validation of linkTarget
});

Attack sequence in a single TAR archive:

  1. Symlink entrylink../evil_outside/ The SymbolicLinkHandler creates /safe/extract/link pointing outside the extraction root.

  2. File entrylink/secret.txt ExtractionMethods.WriteEntryToDirectory computes:

  3. destdir = Path.GetFullPath("/safe/extract/link")"/safe/extract/link" — textually inside root, check passes ✓
  4. File.Open("/safe/extract/link/secret.txt") — OS follows symlink, file is written to /evil_outside/secret.txt

The library does not validate linkTarget before passing it to the caller's handler, and the XML docs do not warn that it may be a traversal path. The idiomatic handler implementation above is therefore silently exploitable.

ZIP does not support symlinks in SharpCompress (ZipEntry.LinkTarget always returns null), so this escalation is TAR-only.

Attack ZIP TAR
Directory traversal (escape extraction root) Yes Yes
Escalate to arbitrary file writes via symlink chain No Yes (if caller provides SymbolicLinkHandler)

Recommended fix — apply the same pattern from ExtractionMethods.WriteEntryToDirectory to both affected files:

var fullDestDir = Path.GetFullPath(destinationDirectory);
if (!fullDestDir.EndsWith(Path.DirectorySeparatorChar))
    fullDestDir += Path.DirectorySeparatorChar;

var dirPath = Path.GetFullPath(Path.Combine(fullDestDir, entry.Key));
if (!dirPath.StartsWith(fullDestDir, PathComparison))
    throw new ExtractionException(
        "Entry is trying to create a directory outside of the destination directory.");

Directory.CreateDirectory(dirPath);

Additionally, the library should validate LinkTarget before invoking the caller's SymbolicLinkHandler, or document clearly that callers must validate it themselves.

PoC

A self-contained .NET console app is available at: https://github.com/svenclaesson/poc-sharpcompress-traversal

git clone https://github.com/svenclaesson/poc-sharpcompress-traversal
cd poc-sharpcompress-traversal
dotnet run

The PoC crafts a ZIP with three directory entries (../../escaped_relative/, /tmp/escaped_absolute/, safe_subdir/) using System.IO.Compression (stdlib), then extracts with SharpCompress. Output shows [ESCAPED] for the two malicious entries and [ok] for the legitimate one, on both sync and async APIs.

Tested against SharpCompress 0.47.4 (latest NuGet).

Impact

This is a path traversal / zip slip vulnerability (CWE-22). Any application that calls archive.WriteToDirectory() on an untrusted archive is affected — which covers the primary documented extraction API.

For ZIP archives the impact is limited to arbitrary directory creation, which can be used to stage privilege escalation (e.g. cron drop-ins, XDG config paths, service spool directories) or shadow expected paths to alter application behaviour.

For TAR archives, callers that implement a SymbolicLinkHandler — which is the only way to faithfully restore a TAR — are exposed to a full arbitrary file write primitive via the symlink chaining described above.

Severity
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "SharpCompress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.47.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44788"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T23:50:40Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nA path traversal vulnerability in `IArchive.WriteToDirectory()` allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target filesystem subject to the permissions of the running process.\n\n### Details\n\nThe vulnerable code is in the directory-entry branch of `WriteToDirectoryInternal` (sync, `IArchiveExtensions.cs:48\u201361`) and `WriteToDirectoryAsyncInternal` (async, `IAsyncArchiveExtensions.cs:70\u201384`):\n\n```csharp\nvar dirPath = Path.Combine(destinationDirectory, entry.Key);\nDirectory.CreateDirectory(Path.GetDirectoryName(dirPath + \"/\"));\n```\n\nNo `Path.GetFullPath()` normalisation and no bounds check are applied before the `Directory.CreateDirectory` call. Two .NET `Path.Combine` behaviours make this exploitable:\n\n- **Relative traversal**: `Path.Combine(\"/safe/extract\", \"../../evil\")` \u2192 the OS resolves `..` segments on the raw path, placing the directory outside the extraction root.\n- **Absolute path override**: `Path.Combine(\"/safe/extract\", \"/tmp/evil\")` \u2192 returns `\"/tmp/evil\"` \u2014 the base is discarded entirely for rooted paths.\n\nFile entries are **not** directly affected \u2014 they route through `ExtractionMethods.WriteEntryToDirectory` which applies the correct guard (`GetFullPath` + `StartsWith`, see `ExtractionMethods.cs:54\u201365`). The directory-entry branch is a separate fast-path that was added without that guard.\n\nAffected archive formats: ZIP and TAR (non-solid). Solid archives and 7-Zip use the reader path which calls the secure method.\n\n#### Escalation to arbitrary file writes (TAR only)\n\n`Path.GetFullPath` on .NET does not resolve symlinks \u2014 it only normalises `.` and `..` segments. This means the file-entry guard in `ExtractionMethods.WriteEntryToDirectory` can be bypassed via symlink chaining in TAR archives when the caller supplies a `SymbolicLinkHandler`:\n\n```csharp\narchive.WriteToDirectory(\"/safe/extract\", new ExtractionOptions\n{\n    ExtractFullPath = true,\n    SymbolicLinkHandler = (linkPath, linkTarget) =\u003e\n        File.CreateSymbolicLink(linkPath, linkTarget)  // naive \u2014 no validation of linkTarget\n});\n```\n\nAttack sequence in a single TAR archive:\n\n1. **Symlink entry** \u2014 `link` \u2192 `../evil_outside/`\n   The `SymbolicLinkHandler` creates `/safe/extract/link` pointing outside the extraction root.\n\n2. **File entry** \u2014 `link/secret.txt`\n   `ExtractionMethods.WriteEntryToDirectory` computes:\n   - `destdir = Path.GetFullPath(\"/safe/extract/link\")` \u2192 `\"/safe/extract/link\"` \u2014 textually inside root, check passes \u2713\n   - `File.Open(\"/safe/extract/link/secret.txt\")` \u2014 OS follows symlink, file is written to `/evil_outside/secret.txt`\n\nThe library does not validate `linkTarget` before passing it to the caller\u0027s handler, and the XML docs do not warn that it may be a traversal path. The idiomatic handler implementation above is therefore silently exploitable.\n\nZIP does not support symlinks in SharpCompress (`ZipEntry.LinkTarget` always returns `null`), so this escalation is TAR-only.\n\n| Attack | ZIP | TAR |\n|--------|-----|-----|\n| Directory traversal (escape extraction root) | Yes | Yes |\n| Escalate to arbitrary file writes via symlink chain | No | Yes (if caller provides `SymbolicLinkHandler`) |\n\n**Recommended fix** \u2014 apply the same pattern from `ExtractionMethods.WriteEntryToDirectory` to both affected files:\n\n```csharp\nvar fullDestDir = Path.GetFullPath(destinationDirectory);\nif (!fullDestDir.EndsWith(Path.DirectorySeparatorChar))\n    fullDestDir += Path.DirectorySeparatorChar;\n\nvar dirPath = Path.GetFullPath(Path.Combine(fullDestDir, entry.Key));\nif (!dirPath.StartsWith(fullDestDir, PathComparison))\n    throw new ExtractionException(\n        \"Entry is trying to create a directory outside of the destination directory.\");\n\nDirectory.CreateDirectory(dirPath);\n```\n\nAdditionally, the library should validate `LinkTarget` before invoking the caller\u0027s `SymbolicLinkHandler`, or document clearly that callers must validate it themselves.\n\n### PoC\n\nA self-contained .NET console app is available at:\n`https://github.com/svenclaesson/poc-sharpcompress-traversal`\n\n```\ngit clone https://github.com/svenclaesson/poc-sharpcompress-traversal\ncd poc-sharpcompress-traversal\ndotnet run\n```\n\nThe PoC crafts a ZIP with three directory entries (`../../escaped_relative/`, `/tmp/escaped_absolute/`, `safe_subdir/`) using `System.IO.Compression` (stdlib), then extracts with SharpCompress. Output shows `[ESCAPED]` for the two malicious entries and `[ok]` for the legitimate one, on both sync and async APIs.\n\nTested against SharpCompress 0.47.4 (latest NuGet).\n\n### Impact\n\nThis is a path traversal / zip slip vulnerability (CWE-22). Any application that calls `archive.WriteToDirectory()` on an untrusted archive is affected \u2014 which covers the primary documented extraction API.\n\nFor ZIP archives the impact is limited to arbitrary directory creation, which can be used to stage privilege escalation (e.g. cron drop-ins, XDG config paths, service spool directories) or shadow expected paths to alter application behaviour.\n\nFor TAR archives, callers that implement a `SymbolicLinkHandler` \u2014 which is the only way to faithfully restore a TAR \u2014 are exposed to a full arbitrary file write primitive via the symlink chaining described above.",
  "id": "GHSA-6c8g-7p36-r338",
  "modified": "2026-05-08T23:50:40Z",
  "published": "2026-05-08T23:50:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/adamhathcock/sharpcompress/security/advisories/GHSA-6c8g-7p36-r338"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/adamhathcock/sharpcompress"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.