10 matches found
EUVD-2025-208130
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
GHSA-V653-R55G-HCMG uv has ZIP payload obfuscation through parsing differentials
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
uv has ZIP payload obfuscation through parsing differentials
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
CVE-2025-13327
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
CVE-2025-13327
CVE-2025-13327 affects the uv component used in open-source projects (notably Python-uv in openSUSE). The issue enables arbitrary code execution during package installation/resolution when processing specially crafted ZIP archives that exploit parsing differentials, with user interaction required...
CVE-2025-13327
A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP Zipped Information Package archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package...
EUVD-2025-36724
uv allows ZIP payload obfuscation through parsing differentials...
GHSA-PQHF-P39G-3X64 uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
uv allows ZIP payload obfuscation through parsing differentials
Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields...
ZIP Payload Obfuscation Through Parsing Differentials
uv is vulnerable to ZIP payload obfuscation through parsing differentials. The vulnerability is due to improper ZIP archive validation due to failure to reconcile file entries against the central directory, allowing attackers to craft archives with inconsistent or stacked ZIPs that behave...