Do Son 
The Python Package Index (PyPI) has announced a set of new upload restrictions aimed at protecting Python package installers and inspection tools from ZIP parser confusion attacks. This move follows the discovery that different Python package installers may interpret the same ZIP file differently β a discrepancy attackers could exploit to bypass security checks.
βZIP archives constructed to exploit ZIP confusion attacks are now rejected by PyPI,β wrote Seth Larson, Security Developer-in-Residence at the Python Software Foundation. βThere is no evidence that this vulnerability has been exploited using PyPI.β
Python βwheelβ distributions β the most common binary package format β are essentially ZIP archives in disguise. Because the ZIP standard, created in 1989, supports features like appending new records to the end of an archive, its implementation can be complex and ambiguous.
Larson notes that the Binary Distribution Format specification leaves many extraction details undefined, allowing installer-specific behaviors. Many installers, for example, skip validating a wheelβs RECORD metadata file β the mechanism meant to ensure all included files are listed and hashed. This creates a loophole for attackers to smuggle extra files past both human and automated reviews.
To close this gap, PyPI will now reject uploads containing problematic ZIP structures, including:
- Invalid record and framing information
- Duplicate filenames in Local File and Central Directory headers
- Mismatched file entries between headers
- Trailing data or multiple End of Central Directory headers
- Incorrect End of Central Directory Locator values
Additionally, PyPI already blocks compression bombs and will now issue email warnings when wheel contents donβt match their RECORD metadata. From February 1, 2026, such wheels will be outright rejected.
βWe encourage all Python installers to use this opportunity to implement cross-checking of extracted wheel contents with the RECORD metadata file,β Larson advises.
Analysis shows that nearly all of the top 15,000 PyPI packages have no ZIP or RECORD issues β meaning the change is expected to cause minimal disruption. Only a handful of projects had missing or mismatched RECORD data, or duplicate ZIP entries.
- For users, the guidance is simple:
- Keep your installer tools up-to-date.
- If an upload fails, read the error message and adjust your build process.
For installer maintainers, ensure your ZIP parser follows the Central Directory-first extraction method, as in Pythonβs zipfile module.
Related Posts:
- European Parliament voted to reject controversial copyright law proposal
- Mattel & OpenAI Team Up: Barbie and Hot Wheels to Get Generative AI Upgrades
- Parse Server Remote Code Execution Vulnerability
- Telegram Refuses France’s Demand for Backdoor Access to User Data
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
